Enhancing Trustability of Android Applications via User-Centric Flexible Permissions

Scoccia, Gian Luca; Malavolta, Ivano; Autili, Marco; Salle, Amleto Di; Inverardi, Paola

doi:10.1109/tse.2019.2941936

Cited by 14 publications

(5 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Likewise, the introduction of libraries that covertly employ IAMs endangers end-users' privacy and thus it confirms the need for novel solutions for scalable discovery, analysis, and vetting of software libraries [53]. Our previous work [35,36] provides a first step in this direction, enabling mobile users with the means to better control the purpose and extent to which their personal data is used.…”

Section: Discussionmentioning

confidence: 96%

Leave my apps alone!

Scoccia

Kanj

Malavolta

et al. 2020

Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems

Self Cite

View full text Add to dashboard Cite

To enable app interoperability, the Android platform exposes installed application methods (IAMs), i.e., APIs that allow developers to query for the list of apps installed on a user's device. It is known that information collected through IAMs can be used to precisely deduce end-users interests and personal traits, thus raising privacy concerns. In this paper, we present a large-scale empirical study investigating the presence of IAMs in Android apps and their usage by Android developers. Our results highlight that: (i) IAMs are widely used in commercial applications while their popularity is limited in open-source ones; (ii) IAM calls are mostly performed in included libraries code; (iii) more than one-third of libraries that employ IAMs are advertisement libraries; (iv) a small number of popular advertisement libraries account for over 33% of all usages of IAMs by bundled libraries; (v) developers are not always aware that their apps include IAMs calls. Based on the collected data, we confirm the need to (i) revise the way IAMs are currently managed by the Android platform, introducing either an ad-hoc permission or an opt-out mechanism and (ii) improve both developers and end-users awareness with respect to the privacy-related concerns raised by IAMs.

show abstract

Section: Discussionmentioning

confidence: 96%

Leave my apps alone!

Scoccia

Kanj

Malavolta

et al. 2020

Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Current solutions fail to address this subjective aspect of privacy, considering all users as equals. In light of these considerations, we can identify one research area currently open and overlooked: the design of more user-centric approaches to privacy, where users are provided with the necessary tools to specify and validate the "personal" requirements to which an application must comply [218,219]. Developers are being left out of the equation too!…”

Section: Discussion and Future Research Challengesmentioning

confidence: 99%

Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

Autili

Malavolta

Perucci

et al. 2021

J Internet Serv Appl

Self Cite

View full text Add to dashboard Cite

Mobile platforms are rapidly and continuously changing, with support for new sensors, APIs, and programming abstractions. Static analysis is gaining a growing interest, allowing developers to predict properties about the run-time behavior of mobile apps without executing them. Over the years, literally hundreds of static analysis techniques have been proposed, ranging from structural and control-flow analysis to state-based analysis.In this paper, we present a systematic mapping study aimed at identifying, evaluating and classifying characteristics, trends and potential for industrial adoption of existing research in static analysis of mobile apps. Starting from over 12,000 potentially relevant studies, we applied a rigorous selection procedure resulting in 261 primary studies along a time span of 9 years. We analyzed each primary study according to a rigorously-defined classification framework. The results of this study give a solid foundation for assessing existing and future approaches for static analysis of mobile apps, especially in terms of their industrial adoptability.Researchers and practitioners can use the results of this study to (i) identify existing research/technical gaps to target, (ii) understand how approaches developed in academia can be successfully transferred to industry, and (iii) better position their (past and future) approaches for static analysis of mobile apps.

show abstract

“…This approach aimed at supporting end-users to control and manage Android permissions. Users who installed the apps with AFP configuration can identify and customize finegrained permission levels on private or confidential resources [79,80]. In the same year, [81] introduced a dynamic analysis approach that monitors the permissions requested by apps during the run-time and recognizes those requested permissions by the app's fundamental functionality from those demanded by third-party libraries linked with the app [81].…”

Section: Android Existing Privacy Approaches Using Dynamic Analysismentioning

confidence: 99%

User Privacy and Data Flow Control for Android Apps: Systematic Literature Review

Al-Kindi

Sarrab

Alzeidi

2021

JCSANDM

View full text Add to dashboard Cite

Android mobile apps gain access to numerous users’ private data. Users of different Android mobile apps have less control over their sensitive data during their installation and run-time. Too often, these apps consider data privacy less serious than users’ expectations. Many mobile apps misbehave and upload users’ data without permission which confirmed the possibility of privacy leakage through different network channels. The literature has proposed various approaches to protect user’s data and avoid privacy violations. In this paper, we provide a comprehensive overview of state-of-art research on Android user privacy, and data flow control. the aim is to highlight the main trends, pinpoint the main methodologies applied, and enumerate the privacy violations faced by Android users. We also shed some light on the directions where the researcher’s community effort is still needed. To this end, we conduct a Systematic Literature Review (SLR) during which we surveyed 114 relevant research papers published in leading conferences and journals. Our thorough examination of the relevant literature has led to a critical analysis of the proposed solutions with a focus on user privacy extensions and mechanism for the Android mobile platform. Furthermore, possible solutions and research directions have been discussed.

show abstract

Enhancing Trustability of Android Applications via User-Centric Flexible Permissions

Cited by 14 publications

References 56 publications

Leave my apps alone!

Leave my apps alone!

Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

User Privacy and Data Flow Control for Android Apps: Systematic Literature Review

Contact Info

Product

Resources

About