More Web Proxy on the site http://driver.im/

research-article

ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing

Authors:

Yuvraj Agarwal,

Malcolm HallAuthors Info & Claims

MobiSys '13: Proceeding of the 11th annual international conference on Mobile systems, applications, and services

Pages 97 - 110

https://doi.org/10.1145/2462456.2464460

Published: 25 June 2013 Publication History

Abstract

In this paper we present the design and implementation of ProtectMyPrivacy (PMP), a system for iOS devices to detect access to private data and protect users by substituting anonymized data in its place if users decide. We developed a novel crowdsourced recommendation engine driven by users who contribute their protection decisions, which provides app specific privacy recommendations. PMP has been in use for over nine months by 90,621 real users, and we present a detailed evaluation based on the data we collected for 225,685 unique apps. We show that access to the device identifer (48.4% of apps), location (13.2% of apps), address book (6.2% of apps) and music library (1.6% of apps) is indeed widespread in iOS. We show that based on the protection decisions contributed by our users we can recommend protection settings for over 97.1% of the 10,000 most popular apps. We show the effectiveness of our recommendation engine with users accepting 67.1% of all recommendations provide to them, thereby helping them make informed privacy choices. Finally, we show that as few as 1% of our users, classified as experts, make enough decisions to drive our crowdsourced privacy recommendation engine.

References

[1]

D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A Methodology for Empirical Analysis of Permission-based Security Models and its Application to Android. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pages 73--84. ACM, 2010.

Digital Library

[2]

M. Bellare, T. Ristenpart, P. Rogaway, and T. Stegers. Format-preserving Encryption. In Selected Areas in Cryptography, pages 295--312. Springer, 2009.

Digital Library

[3]

A.R. Beresford, A. Rice, N. Skehin, and R.Sohan. MockDroid: Trading Privacy for Application Functionality on Smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (HotMobile), 2011.

Digital Library

[4]

M. Bohmer, B. Hecht, J. Schoning, A. Kruger, and G. Gernot Bauer. Falling Asleep with Angry Birds, Facebook and Kindle: A Large Scale Study on Mobile Application Usage. In Proceedings of the International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011.

Digital Library

[5]

A. Chaudhuri. Language-based Security on Android. In Proceedings of the ACM SIGPLAN fourth workshop on Programming Languages and Analysis for Security (PLAS), pages 1--7. ACM, 2009.

Digital Library

[6]

M. Egele, C. Kruegely, E. Kirdaz, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium(NDSS), 2011.

[7]

W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, McDaniel, and A. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX conference on Operating Systems Design and Implementation (OSDI), 2010.

Digital Library

[8]

W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A Study of Android Application Security. In Proceedings of the 20th USENIX Security Symposium, 2011.

Digital Library

[9]

W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the 16th ACM conference on Computer and Communications Security (CCS), 2009.

Digital Library

[10]

A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android Permissions Demystified. In Proceedings of the 18th ACM conference on Computer and communications security, pages 627--638. ACM, 2011.

Digital Library

[11]

A. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. Technical report, University of California, Berkeley, 2012.

[12]

J. Freeman. Mobile Substrate. http://iphonedevwiki.net/index.php/MobileSubstrate.

[13]

A. P. Fuchs, A. Chaudhuri, and J. S. Foster. SCanDroid: Automated security certification of Android applications. Manuscript, Univ. of Maryland, http://www.cs.umd.edu/~avik/projects/scandroidascaa, 2009.

[14]

P. Hornyack, S. Han, J. Jung,S . Schechter, and D. Wetherall. These Aren't the Droids you're Looking For: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM conference on Computer and Communications Security (CCS), pages 639--652. ACM, 2011.

Digital Library

[15]

Ian Shapira, The Washington Post. Once the Hobby of Tech Geeks, iPhone Jailbreaking now a Lucrative Industry, 2011.

[16]

J. Jeon, K. Micinski, J. Vaughan, N. Reddy, Y. Zhu, J. Foster, and T. Millstein. Dr. Android and Mr. Hide: Fine-grained Security Policies on Unmodified Android. Technical report, University of Maryland, 2011.

[17]

J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and Purpose: Understanding Users Mental Models of Mobile App Privacy Through Crowdsourcing. In Proceedings of the 14th ACM International Conference on Ubiquitous Computing (Ubicomp), 2012.

Digital Library

[18]

W. Mackay. Patterns of Sharing Customizable Software. In Proceedings of the 1990 ACM conference on Computer-supported cooperative work, pages 209--221. ACM, 1990.

Digital Library

[19]

MobiStealth. http://www.mobistealth.com/.

[20]

M. Nauman, S. Khan, and X. Zhang. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (CCS), pages 328--332. ACM, 2010.

Digital Library

[21]

Protect My Privacy (PmP). iOS Privacy App. http://www.protectmyprivacy.org.

[22]

N. Seriot. iPhone Privacy. In Black Hat DC, 2010.

[23]

E. Smith. iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs). Technical report, Technical Report, 2010.

[24]

The Next Web. Popular Jailbreak Software Cydia hits 14m Monthly Users on iOS 6, 23m on All Devices, March 2013.

[25]

S. Thurm and Y. Kane. The Journal's Cellphone Testing Methodology. The Wall Street Journal, 2010.

[26]

S. Thurm and Y. Kane. Your Apps Are Watching You. The Wall Street Journal, 2010.

[27]

N. Y. Times. Mobile Apps Take Data Without Permission. http://bits.blogs.nytimes.com/2012/02/15/google-and-mobile-apps-take-data-books-without-permission/.

[28]

M. T. Vennon. Android Malware: Spyware in the Android Market. Technical report, SMobile Systems, 2010.

[29]

T. Vennon. Android Malware. A Study of Known and Potential Malware Threats. Technical report, SMobile Global Threat Center, 2010.

[30]

XEUDOXUS. Privacy Blocker and Inspector. http://privacytools.xeudoxus.com/.

[31]

Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming Information-Stealing Smartphone Applications (on Android). Trust and Trustworthy Computing (TRUST), pages 93--107, 2011.

Digital Library

Cited By

Steinböck MBleier JRainer MUrban TUtz CLindorfer MSpinellis DConstantinou EBacchelli A(2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644896
Ma HHuang SGuo JLam KYang T(2024)Blockchain-Based Privacy-Preserving Federated Learning for Mobile CrowdsourcingIEEE Internet of Things Journal10.1109/JIOT.2023.334063011:8(13884-13899)Online publication date: 15-Apr-2024
https://doi.org/10.1109/JIOT.2023.3340630
Koch SAltpeter BJohns MCalandrino JTroncoso C(2023)The OK is not enoughProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620543(5467-5484)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620543
Show More Cited By

Index Terms

ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing

Recommendations

Privacy Capsules: Preventing Information Leaks by Mobile Apps
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

Preventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
App store mining is not enough for app improvement

The rise in popularity of mobile devices has led to a parallel growth in the size of the app store market, intriguing several research studies and commercial platforms on mining app stores. App store reviews are used to analyze different aspects of app ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '13: Proceeding of the 11th annual international conference on Mobile systems, applications, and services

June 2013

568 pages

ISBN:9781450316729

DOI:10.1145/2462456

General Chairs:
Hao-Hua Chu
National Taiwan University
,
Polly Huang
National Taiwan University
,
Program Chairs:
Romit Roy Choudhury
Duke University
,
Feng Zhao
Microsoft Research

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MobiSys'13

Sponsor:

SIGMOBILE

MobiSys'13: The 11th Annual International Conference on Mobile Systems, Applications, and Services

June 25 - 28, 2013

Taipei, Taiwan

Acceptance Rates

MobiSys '13 Paper Acceptance Rate 33 of 211 submissions, 16%;

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

134
Total Citations
View Citations
1,343
Total Downloads

Downloads (Last 12 months)80
Downloads (Last 6 weeks)29

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Steinböck MBleier JRainer MUrban TUtz CLindorfer MSpinellis DConstantinou EBacchelli A(2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644896
Ma HHuang SGuo JLam KYang T(2024)Blockchain-Based Privacy-Preserving Federated Learning for Mobile CrowdsourcingIEEE Internet of Things Journal10.1109/JIOT.2023.334063011:8(13884-13899)Online publication date: 15-Apr-2024
https://doi.org/10.1109/JIOT.2023.3340630
Koch SAltpeter BJohns MCalandrino JTroncoso C(2023)The OK is not enoughProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620543(5467-5484)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620543
Pei WLikhtenshteyn YYue C(2023)A Tale of Two Communities: Privacy of Third Party App Users in Crowdsourcing - The Case of Receipt TranscriptionProceedings of the ACM on Human-Computer Interaction10.1145/36100447:CSCW2(1-43)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610044
Kollnig KDatta SSerban Von Davier TVan Kleek MBinns RLyngs UShadbolt N(2023)‘We are adults and deserve control of our phones’: Examining the risks and opportunities of a right to repair for mobile appsProceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency10.1145/3593013.3593973(22-34)Online publication date: 12-Jun-2023
https://dl.acm.org/doi/10.1145/3593013.3593973
Wang YWang YWang SLiu YXu CCheung SYu HZhu Z(2023)Runtime Permission Issues in Android Apps: Taxonomy, Practices, and Ways ForwardIEEE Transactions on Software Engineering10.1109/TSE.2022.314825849:1(185-210)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TSE.2022.3148258
Botturi LFioroni TBeretta CAndreoletti DFerrari ACardoso FPicco-Schwendener AMarazza SGiordano S(2023)The iBuddy experience: A digital simulation-based approach to enhance secondary school students’ privacy awarenessEducational technology research and development10.1007/s11423-023-10309-xOnline publication date: 6-Nov-2023
https://doi.org/10.1007/s11423-023-10309-x
Alamri HMaple CMohamad SEpiphaniou G(2022)Do the Right Thing: A Privacy Policy Adherence Analysis of over Two Million Apps in Apple iOS App StoreSensors10.3390/s2222896422:22(8964)Online publication date: 19-Nov-2022
https://doi.org/10.3390/s22228964
Kollnig KShuba ABinns RVan Kleek MShadbolt N(2022)Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android AppsProceedings on Privacy Enhancing Technologies10.2478/popets-2022-00332022:2(6-24)Online publication date: 3-Mar-2022
https://doi.org/10.2478/popets-2022-0033
Malkin NWagner DEgelman S(2022)Can Humans Detect Malicious Always-Listening Assistants? A Framework for Crowdsourcing Test DrivesProceedings of the ACM on Human-Computer Interaction10.1145/35556136:CSCW2(1-28)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3555613
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents