Large-scale App privacy governance
Zitong LI, Zhuoya FAN, Junxu LIU, Leixia WANG, Xiaofeng MENG
Recently, the problem of mobile applications (Apps) leaking users’ private information has aroused wide concern. As the number of Apps continuously increases, effective large-scale App governance is a major challenge. Currently, the government mainly filters out Apps with potential privacy problems manually. Such an approach is inefficient and has a limited search scope. In this regard, we propose a quantitative method to filter out problematic Apps on a large scale. We introduce Privacy Level (P-Level) to measure an App’s probability of leaking privacy. P-Level is calculated on the basis of Permission-based Privacy Value (P-Privacy) and Usage-based Privacy Value (U-Privacy). The former considers App permission settings, whereas the latter considers App usage. We first illustrate the privacy value model and the computation results of both values based on a real-world dataset. Subsequently, we introduce the P-Level computing model. We also define the P-Level computed on our dataset as the PL standard. We analyze the distribution of average usage and number of Apps under the levels given in the PL standard, which may provide insights into large-scale App governance. Through P-Privacy, U-Privacy, and P-Level, potentially problematic Apps can be filtered out efficiently, thereby making up for the shortcomings of manual filtering.
privacy risk / Privacy Level / quantification / large-scale App governance