TY - GEN
T1 - Assessing privacy risks in Android
T2 - 1st International Workshop on Risk Assessment and Risk-Driven Testing, RISK 2013, Held in Conjunction with the 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013
AU - Mylonas, Alexios
AU - Theoharidou, Marianthi
AU - Gritzalis, Dimitris
PY - 2014
Y1 - 2014
N2 - The increasing presence of privacy violating apps in app marketplaces poses a significant privacy risk for smartphone users. Current approaches assessing privacy risk lack user input, assuming that the value of each smartphone sub-asset (e.g. contact list, usage history) is perceived similarly across users. Thus, per user privacy risk assessment is not achievable. This paper refines our previous work on smartphone risk assessment by proposing an approach for assessing the privacy risk of Android users. Its cornerstone is impact valuation from users, as well as their usage profiles, which enables assessment of per user risk. Threat likelihood is assessed based on the presence of specific permission combinations, which we consider vulnerabilities that enable privacy threat scenarios. These permission combinations correspond to users' app profiles, i.e. to the app categories of Google Play that each user regularly visits. Finally, the proposed method is demonstrated through a case study.
KW - Android
KW - Attacks
KW - Permission
KW - Personal data
KW - Privacy
KW - Risk
UR - http://www.scopus.com/inward/record.url?scp=84905020847&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-07076-6_2
DO - 10.1007/978-3-319-07076-6_2
M3 - Conference contribution
AN - SCOPUS:84905020847
SN - 9783319070759
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 21
EP - 37
BT - Risk Assessment and Risk-Driven Testing - First International Workshop, RISK 2013, Held in Conjunction with ICTSS 2013, Revised Selected Papers
PB - Springer Nature Link
Y2 - 12 November 2013 through 12 November 2013
ER -