research-article

A multi-dimensional measure for intrusion: the intrusiveness quality attribute

Authors:

Ashish Agrawal,

Balwinder Sodhi,

Prabhakar TVAuthors Info & Claims

QoSA '13: Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures

Pages 63 - 68

https://doi.org/10.1145/2465478.2465497

Published: 17 June 2013 Publication History

Get Access

Abstract

Security in personal devices like mobile phones, tablets, is a major concern because these devices often carry sensitive information. Device platforms (e.g. Android) implement "limit access" and "authorize" security tactics to protect privacy/security-sensitive resources against misuse by an app. For instance, Android defines a set of 100+ permissions that guard resources such as phonebook data, network sockets and so on. However, due to poor understanding of these complex permissions, users inadvertently grant dangerous permissions to the apps, which defeat the security tactics implemented.

Thus, security of a device is directly related to the capabilities granted to the intruder (app in this case). In this paper, we define a new quality attribute (QA) called Intrusiveness of an app, which characterizes the capabilities of an app to cause violation of personal and operational information of the user/device. We suggest a framework to compute "intrusiveness" on a given platform. Intrusiveness of an app is represented as a 4-tuple. This tuple characterizes the extent to which the permissions, that are being sought by an app, could compromise in 4 dimensions of information, viz. User, Device, Carrier and the External World. It helps the user to realize the nature of privacy-sensitive resources that (s)he is exposing to the app. Efficacy of our framework is demonstrated by examining intrusiveness of 814 most popular free apps on Android. The Intrusiveness QA could be used to compute potential violation of User Personal Privacy, User Locational Privacy and violation of Device Integrity. Our analysis shows that 84% of apps examined are in a position to compromise User Personal Privacy, 96% can comprise Device Integrity and 92% can compromise Locational Privacy.

References

[1]

Android api, permission element. http://developer.android.com/guide/topics/manifest/permission-element.h%tml. Retrieved: February 2013.

Google Scholar

[2]

Android api, permission groups. http://developer.android.com/reference/android/Manifest.permission_grou%p.html. Retrieved: February 2013.

Google Scholar

[3]

Android api, permissions. http://developer.android.com/reference/android/Manifest.permission.html%. Retrieved: February 2013.

Google Scholar

[4]

D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security, CCS'10, pages 73--84, New York, NY, USA, 2010. ACM.

Digital Library

Google Scholar

[5]

P. H. Chia, Y. Yamamoto, and N. Asokan. Is this app safe?: a large scale study on application permissions and risk signals. In Proceedings of the 21st international conference on World Wide Web, WWW'12, pages 311--320, New York, NY, USA, 2012. ACM.

Digital Library

Google Scholar

[6]

M. Egele, C. Kruegel, E. Kirda, and G. Vigna. Pios: Detecting privacy leaks in ios applications. In NDSS. The Internet Society, 2011.

Google Scholar

[7]

A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, CCS'11, pages 627--638, New York, NY, USA, 2011. ACM.

Digital Library

Google Scholar

[8]

A. P. Felt, K. Greenwood, and D. Wagner. The effectiveness of application permissions. In Proceedings of the 2nd USENIX conference on Web application development, WebApps'11, pages 7--7, Berkeley, CA, USA, 2011. USENIX Association.

Digital Library

Google Scholar

[9]

A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS'12, pages 3:1--3:14, New York, NY, USA, 2012. ACM.

Digital Library

Google Scholar

[10]

MobileScope. Mobile scope. https://mobilescope.net/. Retrieved: February 2013.

Google Scholar

[11]

X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Permission evolution in the android ecosystem. In Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12, pages 31--40, New York, NY, USA, 2012. ACM.

Digital Library

Google Scholar

Cited By

View all

Escobar-Velásquez CMazuera-Rozo ABedoya COsorio-Riaño MLinares-Vásquez MBavota G(2021)Studying eventual connectivity issues in Android appsEmpirical Software Engineering10.1007/s10664-021-10020-627:1Online publication date: 27-Nov-2021
https://doi.org/10.1007/s10664-021-10020-6
Roshandel RTyler RAbadi ADig DDubinsky Y(2015)User-centric monitoring of sensitive information access in Android applicationsProceedings of the Second ACM International Conference on Mobile Software Engineering and Systems10.5555/2825041.2825076(144-145)Online publication date: 16-May-2015
https://dl.acm.org/doi/10.5555/2825041.2825076
Roshandel RTyler R(2015)User-centric Monitoring of Sensitive Information Access in Android Applications2015 2nd ACM International Conference on Mobile Software Engineering and Systems10.1109/MobileSoft.2015.36(144-145)Online publication date: May-2015
https://doi.org/10.1109/MobileSoft.2015.36

Index Terms

A multi-dimensional measure for intrusion: the intrusiveness quality attribute
1. Software and its engineering

Recommendations

No surprises: measuring intrusiveness of smartphone applications by detecting objective context deviations
WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

We address the challenge of improving transparency for smartphone applications by creating tools that assesses privacy risk. Specifically, we invented a framework for qualitatively assessing and quantitatively measuring the intrusiveness of smartphone ...
Privacy Capsules: Preventing Information Leaks by Mobile Apps
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

Preventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to ...
Sleeping android: the danger of dormant permissions
SPSM '13: Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices

An Android app must be authorized for permissions, defined by the Android platform, in order to access certain capabilities of an Android device. An app developer specifies which permissions an app will require and these permissions must be authorized ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

QoSA '13: Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures

June 2013

180 pages

ISBN:9781450321266

DOI:10.1145/2465478

General Chair:
Philippe Kruchten
University of British Columbia, Canada
,
Program Chairs:
Anne Koziolek
Karlsruhe Institute of Technology, Germany
,
Robert Nord
Software Engineering Institute, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

Comparch '13

Sponsor:

SIGSOFT

Comparch '13: Federated Events on Component-Based Software Engineering and Software Architecture

June 17 - 21, 2013

British Columbia, Vancouver, Canada

Acceptance Rates

QoSA '13 Paper Acceptance Rate 17 of 42 submissions, 40%;

Overall Acceptance Rate 46 of 131 submissions, 35%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
204
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Escobar-Velásquez CMazuera-Rozo ABedoya COsorio-Riaño MLinares-Vásquez MBavota G(2021)Studying eventual connectivity issues in Android appsEmpirical Software Engineering10.1007/s10664-021-10020-627:1Online publication date: 27-Nov-2021
https://doi.org/10.1007/s10664-021-10020-6
Roshandel RTyler RAbadi ADig DDubinsky Y(2015)User-centric monitoring of sensitive information access in Android applicationsProceedings of the Second ACM International Conference on Mobile Software Engineering and Systems10.5555/2825041.2825076(144-145)Online publication date: 16-May-2015
https://dl.acm.org/doi/10.5555/2825041.2825076
Roshandel RTyler R(2015)User-centric Monitoring of Sensitive Information Access in Android Applications2015 2nd ACM International Conference on Mobile Software Engineering and Systems10.1109/MobileSoft.2015.36(144-145)Online publication date: May-2015
https://doi.org/10.1109/MobileSoft.2015.36

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

No surprises: measuring intrusiveness of smartphone applications by detecting objective context deviations

Privacy Capsules: Preventing Information Leaks by Mobile Apps

Sleeping android: the danger of dormant permissions

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations