[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

3P Framework: Customizable Permission Architecture for Mobile Applications

  • Conference paper
  • First Online:
Wireless Algorithms, Systems, and Applications (WASA 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10251))

  • 3557 Accesses

Abstract

Mobile applications & smart devices have drastically changed our routine tasks, and have become an integral part of modern society. Along with the numerous benefits we get, major challenges like privacy and safety have become complicated than before. The permission based system for mobile applications is designed to empower the user to decide which resources and information they want the application to access. Most of these permissions are granted during installation of application, but our study shows that the users make weak decisions in protecting their information. Majority of the users, even with technical backgrounds, blindly grant all permissions requested by the application even if they are not necessary for the application to run. In order to give more control to the user, and to enable them to make informed decisions regarding permission, we have proposed a Privacy Permission Policy Framework in this paper. This framework enables the user to have greater control over the permission granting while installing the mobile applications. The implementation and testing of the framework also enabled us to run forensic analysis and understand the scope of permissions requested, based on which this framework can advise the user to select minimum required permissions for the application to work. This makes the users’ privacy more secure, and grants full control over the process.

This work is partially supported by the National Natural Science Foundation of China under Grant Nos. 61370192, 61432015, and 61602038.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 71.50
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 89.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Change is categories at Google Play Store does not effect implementation of this research. Other application categorizations can also be as effectively used as this one.

  2. 2.

    All observations regarding number of permissions is based on the information available at the time of writing this paper. This information is subject to change at anytime.

References

  1. Statista: Number of Smartphone Users Worldwide from 2014 to 2020. https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/

  2. Statista: Share of Mobile Phone Users that Use a Smartphone in China from 2013 to 2019. https://www.statista.com/statistics/257045/smartphone-user-penetration-in-china/

  3. Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 3–14 (2011)

    Google Scholar 

  4. Thurm, S., Kanel, Y.I.: Your apps are watching you. Wallstreet J. (2010)

    Google Scholar 

  5. Zhang, L., Cai, Z., Wang, X.: FakeMask: a novel privacy preserving approach for smartphones. IEEE Trans. Netw. Serv. Manag. 13(2), 335–348 (2016)

    Article  Google Scholar 

  6. He, Z., Cai, Z., Li, Y.: Customized privacy preserving for classification based applications. In: Proceedings of the ACM Workshop on Privacy-Aware Mobile Computing, pp. 37–42. ACM (2016)

    Google Scholar 

  7. Balebako, R., Marsh, A., Lin, J., Hong, J., Cranor, L.F.: The privacy and security behaviors of smartphone app developers. In: Workshop on Usable Security UsEC, February 2014

    Google Scholar 

  8. Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in smartphone security and privacy. In: Proceedings of Symposium on Usable Privacy and Security SOUPS. ACM, July 2012

    Google Scholar 

  9. Felt, A.P., Egelman, S., Wagner, D.: I’Ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 33–44 (2012)

    Google Scholar 

  10. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the ACM Conference on Ubiquitous Computing (UbiComp), pp. 501–510. ACM, September 2012

    Google Scholar 

  11. Benenson, Z., Kroll-Peters, O., Krupp, M.: Attitudes to IT security when using a smartphone. In: Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1179–1183, September 2012

    Google Scholar 

  12. Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)

    Article  Google Scholar 

  13. Fife, E., Orjuela, J.: The privacy calculus: mobile apps and user perceptions of privacy and security. Int. J. Eng. Bus. Manag. 5(1) (2012)

    Google Scholar 

  14. Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you: raising awareness of data leaks on smartphones. In: Proceedings of the Symposium on Usable Privacy and Security SOUPS. ACM (2013)

    Google Scholar 

  15. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an Android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34638-5_6

    Chapter  Google Scholar 

  16. Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: trading privacy for application functionality on smartphones. In: Proceedings of the Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)

    Google Scholar 

  17. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 639–652. ACM (2011)

    Google Scholar 

  18. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011). doi:10.1007/978-3-642-21599-5_7

    Chapter  Google Scholar 

  19. Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 217–228. ACM (2012)

    Google Scholar 

  20. Mueller, K., Butler, K.: Flex-P: flexible Android permissions. In: IEEE Symposium on Security and Privacy, May 2011

    Google Scholar 

  21. Android, S.D.K.: Android Manifest Permission API 25. https://developer.android.com/reference/android/Manifest.permission.html

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Beijing Institute of Technology, Beijing, China

    Sujit Biswas, Kashif Sharif & Fan Li

  2. Beijing Engineering Research Center of High Volume Language Information Processing and Cloud Computing Applications, Beijing, China

    Sujit Biswas, Kashif Sharif & Fan Li

  3. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, China

    Yang Liu

Authors
  1. Sujit Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kashif Sharif
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Kashif Sharif or Fan Li .

Editor information

Editors and Affiliations

  1. Texas Christian University, Fort Worth, Texas, USA

    Liran Ma

  2. New Jersey Institute of Technology, Newark, New Jersey, USA

    Abdallah Khreishah

  3. University of Oslo, Oslo, Norway

    Yan Zhang

  4. University of North Georgia, Dahlonega, Georgia, USA

    Mingyuan Yan

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Biswas, S., Sharif, K., Li, F., Liu, Y. (2017). 3P Framework: Customizable Permission Architecture for Mobile Applications. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science(), vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_39

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-60033-8_39

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60032-1

  • Online ISBN: 978-3-319-60033-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation