Enhancement on privacy permission management for Android apps

Shinde, Supriya S.; Sambare, S. S.

doi:10.1109/gcct.2015.7342779

Cited by 2 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apex (Nauman et al, 2010) propose a mechanism for users to carefully grant permissions to apps based on runtime contextual information, such as the device location or how frequently a resource has been previously used. Other solutions such as (Hornyack et al, 2011;Shinde and Sambare, 2015;Liu et al, 2016a;Rashidi et al, 2016;Chen et al, 2017;Raval et al, 2019) proposed permission configuration interface that will allow users to control the activities of third-party apps. FlaskDroid (Bugiel et al, 2013) on the other hand, provides compulsory access control on Android's middleware and kernel layers to avert unwanted information disclosure.…”

Section: Low-level Modificationmentioning

confidence: 99%

Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

Rahman

Miller

Hossain

et al. 2022

Proceedings of the 8th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

As data privacy continues to be a crucial human-right concern as recognized by the UN, regulatory agencies have demanded developers obtain user permission before accessing user-sensitive data. Mainly through the use of privacy policies statements, developers fulfill their legal requirements to keep users abreast of the requests for their data. In addition, platforms such as Android enforces explicit permission request using the permission model. Nonetheless, recent research has shown that service providers hardly make full disclosure when requesting data in these statements. Neither is the current permission model designed to provide adequate informed consent. Often users have no clear understanding of the reason and scope of usage of the data request. This paper proposes an unambiguous, informed consent process that provides developers with a standardized method for declaring Intent. Our proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation. The design of which is based on an ontology study of data requests purposes. The overarching objective of this model is to ensure end-users are adequately informed before making decisions on their data. Additionally, this model has the potential to improve trust between end-users and developers.

show abstract

Section: Low-level Modificationmentioning

confidence: 99%

Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

Rahman

Miller

Hossain

et al. 2022

Proceedings of the 8th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Static detection methods [8] mainly concern the analysis of signature information, permission information of APKs. Dynamic detection methods [9], [10], [11] can trigger the malicious behavior of malicious programs by running android applications. Common dynamic testing tools include Monkey, MonkeyRunner, TaintDroid, droidBox and so on [12].…”

Section: Related Workmentioning

confidence: 99%

Whether Android Applications Broadcast Your Private information: A Naive Bayesian-based Analysis Approach (S)

Lin¹,

Ni²,

Mao

et al. 2018

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

With the rapid development of android smart terminals, android applications are exhibiting explosive growth. However, there remains a challenging issue facing android system, a malicious application may broadcast user's private information. In this paper, we propose a Naive Bayesian-based approach for analyzing private information leakage under the android broadcast mechanism, which calls BRbysA. Firstly, broadcast actions registered in manifest.xml are picked up statically by keyword matching technique. Secondly, with the Xposed framework, the broadcast actions specified at run time are discovered by hooking broadcast callback onReceive() function. Combining the above two ways, we can capture all real-time broadcast actions in an android application. Thirdly, we adopt Naive Bayesian learning algorithm, all broadcast actions which involved in users' privacy leakage are analyzed and classified. Finally, we evaluate the proposed approach by using the dataset from Drebin and Google Play.

show abstract

Enhancement on privacy permission management for Android apps

Cited by 2 publications

References 4 publications

Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

Whether Android Applications Broadcast Your Private information: A Naive Bayesian-based Analysis Approach (S)

Contact Info

Product

Resources

About