You can't always get what you want: towards user-controlled privacy on Android

Caputo, Davide; Pagano, Francesco; Bottino, Giovanni; Verderame, Luca; Merlo, Alessio

doi:10.48550/arxiv.2106.02483

Cited by 1 publication

(2 citation statements)

References 23 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several studies have explored the introduction of fine controls over permissions at the framework, the middle layer, or the operating system-level using different strategies (Beresford et al, 2011;Zhou et al, 2011;Brutschy et al, 2015;Nauman et al, 2010;Jeon et al, 2012;Liu et al, 2016b;Caputo et al, 2021). Proposed techniques such as Mockdroid (Beresford et al, 2011), and TISSA (Zhou et al, 2011) facilitate users to control access whenever access to the resource is attempted by providing dummy information instead of the real one.…”

Section: Low-level Modificationmentioning

confidence: 99%

“…FlaskDroid (Bugiel et al, 2013) on the other hand, provides compulsory access control on Android's middleware and kernel layers to avert unwanted information disclosure. Some recent solutions, such as (Caputo et al, 2021) focused on anonymization of data to preserve the privacy of the user. In (Qu et al, 2020), authors introduce an automatic permission management model, which collectively considers the risk of the permission, functionalities of the app, and user's privacy requirement.…”

Section: Low-level Modificationmentioning

confidence: 99%

See 1 more Smart Citation

Intent-aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

Rahman

Miller

Hossain

et al. 2022

Proceedings of the 8th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

As data privacy continues to be a crucial human-right concern as recognized by the UN, regulatory agencies have demanded developers obtain user permission before accessing user-sensitive data. Mainly through the use of privacy policies statements, developers fulfill their legal requirements to keep users abreast of the requests for their data. In addition, platforms such as Android enforces explicit permission request using the permission model. Nonetheless, recent research has shown that service providers hardly make full disclosure when requesting data in these statements. Neither is the current permission model designed to provide adequate informed consent. Often users have no clear understanding of the reason and scope of usage of the data request. This paper proposes an unambiguous, informed consent process that provides developers with a standardized method for declaring Intent. Our proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation. The design of which is based on an ontology study of data requests purposes. The overarching objective of this model is to ensure end-users are adequately informed before making decisions on their data. Additionally, this model has the potential to improve trust between end-users and developers.

show abstract