Assessing privacy risks in android: A user-centric approach

Alexios Mylonas, Marianthi Theoharidou, Dimitris Gritzalis

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

24 Citations (Scopus)

Abstract

The increasing presence of privacy-violating apps in app marketplaces poses a significant privacy risk for smartphone users. Current approaches assessing privacy risk lack user input, assuming that the value of each smartphone sub-asset (e.g. contact list, usage history) is perceived similarly across users. Thus, per-user privacy risk assessment is not achievable. This paper refines our previous work on smartphone risk assessment by proposing an approach for assessing the privacy risk of Android users. Its cornerstone is impact valuation from users, as well as their usage profiles, which enables assessment of per-user risk. Threat likelihood is assessed based on the presence of specific permission combinations, which we consider vulnerabilities that enable privacy threat scenarios. These permission combinations correspond to users' app profiles, i.e. to the app categories of Google Play that each user regularly visits. Finally, the proposed method is demonstrated through a case study.

Original language: English
Title of host publication: Risk Assessment and Risk-Driven Testing - First International Workshop, RISK 2013, Held in Conjunction with ICTSS 2013, Revised Selected Papers
Publisher: Springer Nature Link
Pages: 21-37
Number of pages: 17
ISBN (Print): 9783319070759
Publication status: Published - 2014
Event: 1st International Workshop on Risk Assessment and Risk-Driven Testing, RISK 2013, Held in Conjunction with the 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013 - Istanbul, Turkey
Duration: 12 Nov 2013 to 12 Nov 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8418 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st International Workshop on Risk Assessment and Risk-Driven Testing, RISK 2013, Held in Conjunction with the 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013
Country/Territory: Turkey
City: Istanbul
Period: 12/11/13 to 12/11/13

Keywords

  • Android
  • Attacks
  • Permission
  • Personal data
  • Privacy
  • Risk
