A Multilateral Privacy Impact Analysis Method for Android Apps

Hatamian, Majid; Momen, Nurul; Fritsch, Lothar; Rannenberg, Kai

doi:10.1007/978-3-030-21752-5_7

Cited by 20 publications

(36 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this context, personal data is defined as ''any information relating to an identified or identifiable natural person'', also called data subject (Art. 4 (1)). This definition is rather broad, resulting in difficult legal discussions on whether a specific data type is to be regarded as personal data or not.…”

Section: B Relevant Legal Principlesmentioning

confidence: 99%

“…Depending on the resource types, consent from users is required. Android defines four types of permissions 1 : Normal, Dangerous, Signature, and Sig-natureOrSystem. Normal level permissions allow access to resources that are considered low-risk, and they are granted during the installation of any package requesting them.…”

Section: A Smartphone Ecosystemsmentioning

confidence: 99%

“…Users are often unaware of data collection practices of apps and unknowingly make a compromise against their own privacy for financial and functional benefits. This is also due to the lack of proper transparency notices and privacy indicators in app markets that would make users aware of privacy practices of apps and could assist them in an informed privacy decision-making process [1]. As the main producer of apps, developers are…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Hatamian

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

With the rapid growth of technology in recent years, we are surrounded by or even dependent on the use of technological devices such as smartphones as they are now an indispensable part of our life. Smartphone applications (apps) provide a wide range of utilities such as navigation, entertainment, fitness, etc. To provide such context-sensitive services to users, apps need to access users' data including sensitive ones, which in turn, can potentially lead to privacy invasions. To protect users against potential privacy invasions in such a vulnerable ecosystem, legislation such as the European Union General Data Protection Regulation (EU GDPR) demands best privacy practices. Therefore, app developers are required to make their apps compatible with legal privacy principles enforced by law. However, this is not an easy task for app developers to comprehend purely legal principles to understand what needs to be implemented. Similarly, bridging the gap between legal principles and technical implementations to understand how legal principles need to be implemented is another barrier to develop privacy-friendly apps. To this end, this paper proposes a privacy and security design guide catalog for app developers to assist them in understanding and adopting the most relevant privacy and security principles in the context of smartphone apps. The presented catalog is aimed at mapping the identified legal principles to practical privacy and security solutions that can be implemented by developers to ensure enhanced privacy aligned with existing legislation. Through conducting a case study, it is confirmed that there is a significant gap between what developers are doing in reality and what they promise to do. This paper provides researchers and developers of privacy-related technicalities an overview of the characteristics of existing privacy requirements needed to be implemented in smartphone ecosystems, on which they can base their work.

show abstract

Section: B Relevant Legal Principlesmentioning

confidence: 99%

Section: A Smartphone Ecosystemsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Hatamian

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…Convenience, ease of use, rich features and functionality are the established criteria for rating an app [21]. The excessive data harvesting nature of apps hardly features in the rating procedure [20]. As this negative attribute is rather kept hidden from the interface, apps' privacy invasive behavior has a very narrow scope to play an important part in a users' decision-making process while selecting an app.…”

Section: Introductionmentioning

confidence: 99%

Nudging the User with Privacy Indicator: A Study on the App Selection Behavior of the User

Bock

Momen

2020

Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society

Self Cite

View full text Add to dashboard Cite

This paper presents an empirical study on user behavior, decision making, and perception about privacy concern while selecting apps. An app store demo was presented to the user with a minor modification-a privacy indicator for each app. After carrying out several tasks using this modified mobile interface, participants were interviewed to document reasons behind their decisions, thought process, and perception regarding individual privacy. A total of 82 adults volunteered under the pretext of a usability study. A significant influence of the privacy indicator on their app selection behavior was observed, although this influence decreased in case of familiar apps. Furthermore, responses from questionnaires, data from eye-tracking device and documented interviews, with video confrontation showed coherence with respect to the corresponding app selection behavior.CCS Concepts: • Security and privacy → Privacy protections; Usability in security and privacy; • Human-centered computing → Empirical studies in ubiquitous and mobile computing.

show abstract

“…Mobile apps (Android and iOS) also cause a threat to user privacy [7][8][9][10][11][12][13][14]. App user identities are frequently compromised even with consensus [15,16].…”

Section: Introductionmentioning

confidence: 99%

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.

show abstract

A Multilateral Privacy Impact Analysis Method for Android Apps

Cited by 20 publications

References 24 publications

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Nudging the User with Privacy Indicator: A Study on the App Selection Behavior of the User

Personal Information Classification on Aggregated Android Application’s Permissions

Contact Info

Product

Resources

About