Understanding Mobile Users’ Privacy Expectations: A Recommendation-Based Method Through Crowdsourcing

Privacy is a pivotal issue for mobile apps because smartphones hold a plethora of personal and sensitive information. Many mechanisms and tools have been proposed to detect and mitigate privacy leaks. However, they rarely consider users’ preferences and expectations. Users hold various expectations towards different mobile apps. For example, users may allow a social app to access their photos but not a game app, because a game accessing personal photos goes beyond users’ expectations. Therefore, we believe it is practical and beneficial to understand users’ privacy expectations on various mobile apps and help them mitigate privacy risks introduced by smartphones. To achieve this objective, we propose and implement PriWe, a system based on crowdsourcing driven by users who contribute the privacy permission settings of the apps installed on their smartphones. PriWe leverages the crowdsourced permission settings to understand users’ privacy expectations and provides app-specific recommendations to mitigate information leakage. We deployed PriWe in the real world for evaluation. According to the feedback of 78 users who evaluated our system and 422 participants who completed our survey, PriWe is able to make proper recommendations that match participants’ privacy expectations and are mostly accepted by users, thereby helping them to mitigate privacy disclosure in smartphones.
