Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings

In this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguishing for instance between apps relying on particular permissions to deliver their core functionality and apps requesting these permissions to share information with advertising networks or social networks. Using privacy preferences that reflect people’s comfort with the purpose for which different apps request their permissions, we use clustering techniques to identify privacy profiles. A major contribution of this work is to show that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences.

[1]  Malcolm Hall,et al.  ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing , 2013, MobiSys '13.

[2]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[3]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[4]  Todd Millstein,et al.  Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android , 2011 .

[5]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[6]  Norman M. Sadeh,et al.  Capturing social networking privacy preferences: can default policies help alleviate tradeoffs between expressiveness and user burden? , 2009, Privacy Enhancing Technologies.

[7]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[8]  Lorrie Faith Cranor,et al.  Understanding and capturing people’s privacy policies in a mobile social networking application , 2009, Personal and Ubiquitous Computing.

[9]  Christopher D. Manning,et al.  Introduction to Information Retrieval: Hierarchical clustering , 2008 .

[10]  David A. Wagner,et al.  Choice Architecture and Smartphone Privacy: There's a Price for That , 2012, WEIS.

[11]  Vyas Sekar,et al.  Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[12]  Bill Tomlinson,et al.  Who are the crowdworkers?: shifting demographics in mechanical turk , 2010, CHI Extended Abstracts.

[13]  Lorrie Faith Cranor,et al.  Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories , 2013 .

[14]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[15]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[16]  Lorrie Faith Cranor,et al.  User-controllable learning of security and privacy policies , 2008, AISec '08.

[17]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[18]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[19]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[20]  David A. Wagner,et al.  How to Ask for Permission , 2012, HotSec.

[21]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[22]  G. N. Lance,et al.  Computer Programs for Hierarchical Polythetic Classification ("Similarity Analyses") , 1966, Comput. J..

[23]  J. Dunn Well-Separated Clusters and Optimal Fuzzy Partitions , 1974 .

[24]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[25]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[26]  Richard W. Hamming,et al.  Error detecting and error correcting codes , 1950 .

[27]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[28]  J. H. Ward Hierarchical Grouping to Optimize an Objective Function , 1963 .

[29]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[30]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[31]  Gábor J. Székely,et al.  Hierarchical Clustering via Joint Between-Within Distances: Extending Ward's Minimum Variance Method , 2005, J. Classif..

[32]  Lorrie Faith Cranor,et al.  Privacy manipulation and acclimation in a location sharing application , 2013, UbiComp.

[33]  L. Mcquitty Similarity Analysis by Reciprocal Pairs for Discrete and Continuous Data , 1966 .

[34]  David A. Wagner,et al.  The Effectiveness of Application Permissions , 2011, WebApps.

[35]  Norman Sadeh,et al.  Understandable Learning of Privacy Preferences Through Default Personas and Suggestions , 2011 .

[36]  David A. Wagner,et al.  AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[37]  Seungyeop Han,et al.  Short paper: enhancing mobile application permissions with runtime feedback and constraints , 2012, SPSM '12.

[38]  L. Cranor,et al.  Curbing Android Permission Creep , 2011 .

[39]  Helen J. Wang,et al.  Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.

[40]  Lorrie Faith Cranor,et al.  Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs , 2011, Personal and Ubiquitous Computing.

[41]  P. Rousseeuw Silhouettes: a graphical aid to the interpretation and validation of cluster analysis , 1987 .

[42]  可児 潤也 「"Little Brothers Watching You:" Raising Awareness of Data Leaks on Smartphones」の報告 , 2013 .

[43]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[44]  Norman M. Sadeh,et al.  User-Controllable Learning of Location Privacy Policies With Gaussian Mixture Models , 2011, AAAI.

[45]  Dawn Xiaodong Song,et al.  Mining Permission Request Patterns from Android and Facebook Applications , 2012, 2012 IEEE 12th International Conference on Data Mining.

[46]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[47]  William Enck,et al.  Defending Users against Smartphone Apps: Techniques and Future Directions , 2011, ICISS.

[48]  Norman M. Sadeh,et al.  Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help? , 2014, WWW.

[49]  Jason I. Hong,et al.  Mobile Application Evaluation Using Automation and Crowdsourcing , 2013 .

[50]  Bongshin Lee,et al.  Nudging People Away from Privacy-Invasive Mobile Apps through Visual Framing , 2013, INTERACT.

[51]  Douglas B. Kell,et al.  Computational cluster validation in post-genomic data analysis , 2005, Bioinform..

[52]  Norman M. Sadeh,et al.  Modeling people's place naming preferences in location sharing , 2010, UbiComp.

[53]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.