Large-scale App privacy governance

Zitong LI , Zhuoya FAN , Junxu LIU , Leixia WANG , Xiaofeng MENG

Front. Eng ›› 2022, Vol. 9 ›› Issue (4) : 640 -652.

PDF (3773KB)
Front. Eng ›› 2022, Vol. 9 ›› Issue (4) : 640 -652. DOI: 10.1007/s42524-022-0228-y
RESEARCH ARTICLE
RESEARCH ARTICLE

Large-scale App privacy governance

Author information +
History +
PDF (3773KB)

Abstract

Recently, the problem of mobile applications (Apps) leaking users’ private information has aroused wide concern. As the number of Apps continuously increases, effective large-scale App governance is a major challenge. Currently, the government mainly filters out Apps with potential privacy problems manually. Such approach is inefficient with limited searching scope. In this regard, we propose a quantitative method to filter out problematic Apps on a large scale. We introduce Privacy Level (P-Level) to measure an App’s probability of leaking privacy. P-Level is calculated on the basis of Permission-based Privacy Value (P-Privacy) and Usage-based Privacy Value (U-Privacy). The former considers App permission setting, whereas the latter considers App usage. We first illustrate the privacy value model and computation results of both values based on real-world dataset. Subsequently, we introduce the P-Level computing model. We also define the P-Level computed on our dataset as the PL standard. We analyze the distribution of average usage and number of Apps under the levels given in the PL standard, which may provoke insights into the large-scale App governance. Through P-Privacy, U-Privacy, and P-Level, potentially problematic Apps can be filtered out efficiently, thereby making up for the shortcoming of being manual.

Graphical abstract

Keywords

privacy risk / Privacy Level / quantification / large-scale App governance

Cite this article

Download citation ▾
Zitong LI, Zhuoya FAN, Junxu LIU, Leixia WANG, Xiaofeng MENG. Large-scale App privacy governance. Front. Eng, 2022, 9(4): 640-652 DOI:10.1007/s42524-022-0228-y

登录浏览全文

4963

注册一个新账户 忘记密码

References

Publishing order | Descend order by publishing year | Descend order by cited within
[1]

Biswas, S Wang, H Rashid, J (2016). Android permissions management at App installing. International Journal of Security and Its Applications, 10( 3): 223–232

[2]

Biswas, S Sharif, K Li, F Liu, Y (2017). 3P framework: Customizable permission architecture for mobile applications. In: Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Guilin: Springer, 445–456
[3]

Chia, P H Yamamoto, Y Asokan, N (2012). Is this App safe? A large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web. Lyon: Association for Computing Machinery, 311–320
[4]

Cyberspace Administration of China (2021a). Notice on illegal collection and use of personal information in 84 Apps including Tencent Phone Manager (in Chinese)
[5]

Cyberspace Administration of China (2021b). Notice on illegal collection and use of personal information in 105 Apps including Tiktok (in Chinese)
[6]

Degirmenci, K (2020). Mobile users’ information privacy concerns and the role of App permission requests. International Journal of Information Management, 50: 261–272

[7]

FeltA PChinEHannaSSongDWagnerD (2011). Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. Chicago, IL: Association for Computing Machinery, 627–638
[8]

GrauschopfS (2020). Facebook privacy levels: Understanding Facebook’s levels of privacy. Online Paper
[9]

Hayes, D Cappa, F Le-Khac, N A (2020). An effective approach to mobile device management: Security and privacy issues associated with mobile applications. Digital Business, 1( 1): 100001

[10]

HuY (2007). Research on Risk Assessment Method of Network Information System. Dissertation for the Doctoral Degree. Chengdu: Sichuan University (in Chinese)
[11]

Lu, X Li, Q Qu, Z Hui, P (2014). Privacy information security classification study in Internet of Things. In: Proceedings of the International Conference on Identification, Information and Knowledge in the Internet of Things. Beijing: IEEE, 162–165
[12]

Meng, X F Zhu, M J Liu, J X (2019). Quantitative research on privacy risk of large-scale mobile users. Journal of Information Security Research, 5( 9): 778–788
[13]

PengHGatesCSarmaBLiN HQiYPotharajuRNita-RotaruCMolloyI (2012). Using probabilistic generative models for ranking risks of Android Apps. In: Proceedings of the ACM Conference on Computer and Communications Security. Raleigh North, CA: Association for Computing Machinery, 241–252
[14]

Personal Information Protection Task Force on Apps (2019). Governance report on Apps’ illegal collection and use of personal information (in Chinese)
[15]

Singh, A K Jaidhar, C D Kumara, M A A (2019). Experimental analysis of Android malware detection based on combinations of permissions and API-calls. Journal of Computer Virology and Hacking Techniques, 15( 3): 209–218

[16]

Son, H X Carminati, B Ferrari, E (2021). A risk assessment mechanism for Android Apps. In: Proceedings of the International Conference on Smart Internet of Things (SmartIoT). Jeju: IEEE, 237–244
[17]

WangYZhengJSunCMukkamalaS (2013). Quantitative security risk assessment of Android permissions and applications. In: Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy. Newark, NJ: Springer, 226–241
[18]

Wu, Z Chen, X Lee, S U J (2021). FCDP: Fidelity calculation for description-to-permissions in Android Apps. IEEE Access, 9: 1062–1075

[19]

Zhang, X H Zhang, Y Zhong, M Ding, D Z Cao, Y Z Zhang, Y K Zhang, M Yang, M (2020). Enhancing state-of-the-art classifiers with API semantics to detect evolved Android malware. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 757–770
[20]

Zhang, Y L Zhou, Y J (2019). Review of clustering algorithms. Journal of Computer Applications, 39( 7): 1869–1882
[21]

Zhu, M J Ye, Q Q Meng, X F Yang, X (2021). Privacy risk quantification of mobile application based on requested permissions. Scientia Sinica (Informationis), 51( 7): 1100–1115

RIGHTS & PERMISSIONS

Higher Education Press

AI Summary AI Mindmap
PDF (3773KB)

3631

Accesses

0

Citation

Detail
Sections
Recommended

AI思维导图

/