Dynamically Regulating Mobile Application Permissions

Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; Serge Egelman ; David Wagner ; Konstantin Beznosov

08 February 2018

Abstract: Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. These systems are not well-aligned with users’ privacy expectations: users often have no idea how often and under what circumstances their personal data is accessed. We conducted a 131-person field study to devise ways to systematically reduce this disconnect between expectations and reality. We found that a significant portion of participants make contextual privacy decisions: when determining whether access to sensitive data is appropriate, they consider what they are doing on their phones at the time, including whether they are actively using the applications requesting their data. We show that current privacy mechanisms do not do a good job of accounting for these contextual factors, but that by applying machine learning to account for context, we can reduce privacy violations by 80, while also minimizing user involvement.

Keyword(s): mobile privacy ; permission systems ; machine learning ; security

Published in: P. Wijesekera et al., "Dynamically Regulating Mobile Application Permissions," in IEEE Security & Privacy, vol. 16, no. 1, pp. 64-71, January/February 2018. doi: 10.1109/MSP.2018.1331031 keywords: {Computer security;Medical devices;Mobile communication;Privacy;Smart phones;IEEE Symposium on Security and Privacy;machine learning;mobile privacy;permission systems;security}, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8283440&isnumber=8283426:

The record appears in these collections:

 Record created 2018-02-08, last modified 2018-02-14

Download fulltextPDF Download fulltextPDF (PDFA)
Rate this document:

Rate this document:
(Not yet reviewed)