@inproceedings{832d26274e9c4b89bb67e78c5a7ee700,
title = "Assessing privacy risks in android: A user-centric approach",
abstract = "The increasing presence of privacy violating apps in app marketplaces poses a significant privacy risk for smartphone users. Current approaches assessing privacy risk lack user input, assuming that the value of each smartphone sub-asset (e.g. contact list, usage history) is perceived similarly across users. Thus, per user privacy risk assessment is not achievable. This paper refines our previous work on smartphone risk assessment by proposing an approach for assessing the privacy risk of Android users. Its cornerstone is impact valuation from users, as well as their usage profiles, which enables assessment of per user risk. Threat likelihood is assessed based on the presence of specific permission combinations, which we consider vulnerabilities that enable privacy threat scenarios. These permission combinations correspond to users' app profiles, i.e. to the app categories of Google Play that each user regularly visits. Finally, the proposed method is demonstrated through a case study.",
keywords = "Android, Attacks, Permission, Personal data, Privacy, Risk",
author = "Alexios Mylonas and Marianthi Theoharidou and Dimitris Gritzalis",
year = "2014",
doi = "10.1007/978-3-319-07076-6_2",
language = "English",
isbn = "9783319070759",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Nature",
pages = "21--37",
booktitle = "Risk Assessment and Risk-Driven Testing - First International Workshop, RISK 2013, Held in Conjunction with ICTSS 2013, Revised Selected Papers",
address = "Netherlands",
note = "1st International Workshop on Risk Assessment and Risk-Driven Testing, RISK 2013, Held in Conjunction with the 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013 ; Conference date: 12-11-2013 Through 12-11-2013",
}