Abstract
Smartphone users are offered a plethora of applications providing services, such as games and entertainment. In 2018, 94% of applications on Google Play were advertised as “free”. However, many of these applications obtain undefined amounts of personal information from unaware users. In this paper, we introduce transiency: a privacy-enhancing feature that prevents applications from running unless explicitly opened by the user. Transient applications can only collect sensitive user information while they are being used, and remain disabled otherwise. We show that a transient app would not be able to detect a sensitive user activity, such as a daily commute to work, unless it was used during the activity. We define characteristics of transient applications and find that, of the top 100 free apps on Google Play, 88 could be made transient. By allowing the user to decide when to allow an app to collect their data, we move towards a fair trade of personal information for application services.
Supported by NSF.
Notes
1. Source code: https://github.com/rva5120/TransientLauncher.
2. Source code: https://github.com/rva5120/Metis_v2.
Acknowledgements
Thank you to Kim, Cookie, Bon Bon, and all the SIIS labers for the much needed support on my first paper journey. This material is based upon work supported by the National Science Foundation under Grant No. NS-1564105. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Alvarez, R., Levenson, J., Sheatsley, R., McDaniel, P. (2019). Application Transiency: Towards a Fair Trade of Personal Information for Application Services. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 305. Springer, Cham. https://doi.org/10.1007/978-3-030-37231-6_3
DOI: https://doi.org/10.1007/978-3-030-37231-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37230-9
Online ISBN: 978-3-030-37231-6
eBook Packages: Computer Science, Computer Science (R0)