Revealing the unrevealed: Mining smartphone users privacy perception on app markets

Hatamian, Majid; Serna, José Antonio de la O; Rannenberg, Kai

doi:10.1016/j.cose.2019.02.010

Cited by 46 publications

(35 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Perception Analyzer The BA tool enables employees to write (optional) reviews regarding each privacy and security invasive activity that they observe. The main goal of Perception Analyzer (PA) as an extension of our previous work [21] is to mine these bunch of reviews to investigate how much privacy and security relevant claims/statements can be extracted that can be ultimately used for the risk assessment component. These self-written reports are sent to the IT security department of the enterprise as well.…”

Section: Componentsmentioning

confidence: 99%

See 1 more Smart Citation

ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Hatamian

Pape

Rannenberg

2019

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Protecting enterprise's confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: How the employees can make sure the smartphone apps that they use are trustworthy? How can the enterprises check and validate the trustworthiness of apps being used within the enterprise network? What about the security and privacy aspects? Are the confidential information such as passwords, important documents, etc. are treated safely? Are the employees' installed apps monitoring/spying the enterprise environment? To answer these questions, we propose Enterprise Smartphone Apps Risk Assessment (ESARA) as a novel framework to support and enable enterprises to analyze and quantify the potential privacy and security risks associated with their employees' installed apps. Given an app, ESARA first conducts various analyses to characterize its vulnerabilities. Afterwards, it examines the app's behavior and overall privacy and security perceptions associated with it by applying natural language processing and machine learning techniques. The experimental results using app behavior and perception analyses indicate that: (1) ESARA is able to examine apps' behavior for potential invasive activities; and (2) the analyzed privacy and security perceptions by ESARA usually reveal interesting information corresponding to apps' behavior achieved with high accuracy.

show abstract

Section: Componentsmentioning

confidence: 99%

“…We detect not only a privacy and security relevant user review, but also determine the threat hidden in it. To this end, we take the most relevant threats in the context of smartphone ecosystems introduced in [21] into account. These threats are used as the input for the supervised classification algorithm as described in Table 1.…”

Section: T7 Generalmentioning

confidence: 99%

ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Hatamian

Pape

Rannenberg

2019

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

show abstract

“…We detect not only a privacy and security relevant user review, but also determine the underlying threat. Based on our already proposed threat catalog [18], we use these threats as the input for the classifier as described in Table 1. Allows an attacker to access or infer personal data to use it for marketing purposes, such as profiling.…”

Section: User Reviews Analysis (A4)mentioning

confidence: 99%

“…We were interested to first extract such information, and then, to determine the granularity of privacy relevant statements (to extract potential privacy threats of apps based on the analysis of their user reviews). Based on our previous work [18], we used the collected data as an input for a trained machine learning algorithm (Logistic Regression (LR) implemented in scikit-learn [29]). This ultimately led to a smaller result set.…”

Section: Privacy Relevant Complaints Analysismentioning

confidence: 99%

“…Thus, it is of particular importance to generate transparency by providing quantifiability and thus comparability of apps in regard to their privacy impact [16] This paper presents a combined method for app privacy analysis and increased transparency that uses several sets of input data. In a joint effort, two research groups [18,19,24] performed a data collection campaign and combined several analysis approaches into the method presented in this paper. We analyze textual privacy policies from app markets.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Multilateral Privacy Impact Analysis Method for Android Apps

Hatamian

Momen

Fritsch

et al. 2019

Privacy Technologies and Policy

Self Cite

View full text Add to dashboard Cite

Smartphone apps have the power to monitor most of people's private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people's activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.

show abstract