论文信息 - Dynamically Regulating Mobile Application Permissions

Dynamically Regulating Mobile Application Permissions

Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. These systems are not well-aligned with users’ privacy expectations: users often have no idea how often and under what circumstances their personal data is accessed. We conducted a 131-person field study to devise ways to systematically reduce this disconnect between expectations and reality. We found that a significant portion of participants make contextual privacy decisions: when determining whether access to sensitive data is appropriate, they consider what they are doing on their phones at the time, including whether they are actively using the applications requesting their data. We show that current privacy mechanisms do not do a good job of accounting for these contextual factors, but that by applying machine learning to account for context, we can reduce privacy violations by 80, while also minimizing user involvement.

[1] David A. Wagner,et al. Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[2] Norman M. Sadeh,et al. Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help? , 2014, WWW.

[3] David A. Wagner,et al. Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences , 2017, SOUPS.

[4] David A. Wagner,et al. Android Permissions Remystified: A Field Study on Contextual Integrity , 2015, USENIX Security Symposium.

[5] H. Nissenbaum. Privacy as contextual integrity , 2004 .

[6] David A. Wagner,et al. How to Ask for Permission , 2012, HotSec.

[7] Chunming Qiao,et al. PhoneLab: A Large Programmable Smartphone Testbed , 2013, SENSEMINE@SenSys.

[8] Alessandro Acquisti,et al. Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.