The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences

Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; Serge Egelman ; David Wagner ; Konstantin Beznosov

20 April 2017

Abstract: Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to account for context: the circumstances under which an application first requests access to data may be vastly different than the circumstances under which it subsequently requests access. We performed a longitudinal 131-person field study to analyze the contextuality behind user privacy decisions to regulate access to sensitive resources. We built a classifier to make privacy decisions on the user’s behalf by detecting when context has changed and, when necessary, inferring privacy preferences based on the user’s past decisions and behavior. Our goal is to automatically grant appropriate resource requests without further user intervention, deny inappropriate requests, and only prompt the user when the system is uncertain of the user’s preferences. We show that our approach can accurately predict users’ privacy decisions 96.8% of the time, which is a four-fold reduction in error rate compared to current systems.

Published in: P. Wijesekera, A. Baokar, L.Tsai, J. Reardon, S. Egelman, D. Wagner, K. Beznosov, “The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences,” in IEEE Symposium on Security and Privacy (IEEE S&P), San-Jose, CA, May 2017, 17 pages.:

The record appears in these collections:
Refereed Conference Papers

 Record created 2017-04-20, last modified 2017-04-20

Download fulltextPDF Download fulltextPDF (PDFA)
Rate this document:

Rate this document:
(Not yet reviewed)