A new approach for managing Android permissions: learning users’ preferences

Oglaza, Arnaud; Laborde, Romain; Zaraté, Pascale; Benzekri, Abdelmalek; Barrère, François

doi:10.1186/s13635-017-0065-4

Cited by 7 publications

(5 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Oglaza et al present in [42] Kapuer, an IBAC (Identity Based Access Control) related permission management system for Android devices that: i) learns users' privacy preferences with a novel learning algorithm, ii) proposes abstract authorization rules, and iii) provides advanced features to manage these high-level rules.…”

Section: A Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

In this paper, we introduce a new methodology for network access control for Android devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an aggregate of permissions declared in the manifests of installed applications on users' devices. The access control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus, it does not require detailed information about installed applications but only an aggregate of permissions. Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time, allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities allow for giving recommendations to final users so that they are capable of mitigating their risks when accessing networks. We evaluated the approach with more than 80 Android devices at a university campus network and obtained interesting results regarding security risks in the usual deployment of device apps.INDEX TERMS Android permissions, bring-your-own-device, mobile security, network access control, risk assessment.

show abstract

Section: A Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Oglaza et al [55] propose Kapuer, a system that uses machine learning to understand user preferences and create rules that permit or deny a permission configuration request. Kapuer can also create high-level permission configuration rules such as "Applications from Social category can have local access to user data" which is a global rule for all the applications from the social category.…”

Section: Approaches That Recommend Permissions Configurationmentioning

confidence: 99%

Functionality-based mobile application recommendation system with security and privacy awareness

Rocha¹,

Souto

El-Khatib

2020

Computers & Security

View full text Add to dashboard Cite

“…Di sini perlu memahami arsitektur OS Android untuk menilai tingkat kekritisannya yang sebenarnya. Dari informasi izin ini akan dapat terlihat seberapa banyak izin yang diminta aplikasi dan seberapa banyak yang dalam kategori dangerous permissions (Oglaza, 2017). Contoh hasil analisis yang ditampilkan oleh MobSF seperti pada Gambar 3.…”

Section: Gambar 3 Halaman Hasil Analisis Pada Mobsfunclassified

Analisis Statis Menggunakan Mobile Security Framework Untuk Pengujian Keamanan Aplikasi Mobile E-Commerce Berbasis Android

Hanifurohman

2020

Sebatik

View full text Add to dashboard Cite

Pengguna internet di Indonesia setiap tahunnya mengalami peningkatan yang terus naik. Peningkatan yang pesat ini diiukuti juga dengan penggunaan internat menggunakan perangkat mobile. Hal ini memberikan dampak positif ke beberapa sektor bisnis seperti jual beli online dan juga memicu munculnya beragam aplikasi mobile khususnya pada platform android. Oleh karena itu perlu dilakukan analisis keamanan terhadap aplikasi dengan melakukan pengujian/pengukuran terhadap tingkat keamanan aplikasi. Tujuan dari penelitian ini adalah untuk meningkatkan pemahaman kepada pengguna aplikasi mobile e-commerce terhadap celah-celah keamanan aplikasi mobile e-commerce dan memberikan metode dalam melakukan analisis statis menggunakan Mobile Security Framework (MobSF) untuk melakukan pengujian keamanan terhadap aplikasi mobile e-commerce khususnya yang berbasis android. Analisis statis dilakukan dengan melakukan anailis terhadap kelemahan kriptografi (weak crypto), SSL bypass, penggunaan dangerous permission, hardcode secret, root detection dan domain malware check. Metode yang digunakan dalam melakukan anailis adalah Mobile Security Framework (MobSF). Sistem ini mempunyai tiga fase, yaitu kebutuhan perencanaan, proses desain RAD dan fase implementasi. Hasil analisis keamanan keamanan yang dilakukan pada aplikasi mobile e-commerce yaitu SP, TP, LZ, BL dan SR yang merupakan lima besar mobile e-commerce berbasis android paling populer di Indonesia menunjukkan bahwa beberapa celah keamanan masih terdapat dari di kelima aplikasi hasil tersebut yang perlu diketahui baik oleh pengguna maupun pengembang aplikasi.

show abstract

A new approach for managing Android permissions: learning users’ preferences

Cited by 7 publications

References 25 publications

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

Functionality-based mobile application recommendation system with security and privacy awareness

Analisis Statis Menggunakan Mobile Security Framework Untuk Pengujian Keamanan Aplikasi Mobile E-Commerce Berbasis Android

Contact Info

Product

Resources

About