| 16951. |
|
|
| 16952. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Accept - Maybe - Decline : Introducing Partial Consent for the Permission-based Access Control Model of Android
- 2020
-
Ingår i: SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. - New York, NY, USA : ACM Digital Library. ; , s. 71-80
-
Konferensbidrag (refereegranskat)abstract
- The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an indecisive state of consenting to policies that will enable consumers to evaluate data services before fully committing to their data sharing policies. We address technical, regulatory, social, individual and economic perspectives for inclusion of partial consent within an access control mechanism. Then, we look into the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface---\emph{Maybe}. This article also presents a design for such implementation and demonstrates feasibility by showcasing a prototype built on Android platform. Our effort is exploratory and aims to shed light on the probable research direction.
|
|
| 16953. |
- Momen, Nurul, 1988-, et al.
(författare)
-
App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy
- 2020
-
Ingår i: Sicherheit 2020. - : Gesellschaft für Informatik. - 9783885796954 ; , s. 15-28
-
Konferensbidrag (refereegranskat)abstract
- Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.
|
|
| 16954. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Did App Privacy Improve After the GDPR?
- 2019
-
Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 17:6, s. 10-20
-
Tidskriftsartikel (refereegranskat)abstract
- In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.
|
|
| 16955. |
- Momen, Nurul, et al.
(författare)
-
How much Privilege does an App Need? Investigating Resource Usage of Android Apps
- 2017
-
Ingår i: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings). - : IEEE. - 9781538624876 - 9781538624883
-
Konferensbidrag (refereegranskat)abstract
- Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms.
|
|
| 16956. |
- Momen, Nurul, 1988-
(författare)
-
Measuring Apps' Privacy-Friendliness : Introducing transparency to apps' data access behavior
- 2020
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.
|
|
| 16957. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Neither Do I Want to Accept, nor Decline; Is There an Alternative?
- 2020
-
Ingår i: Communications in Computer and Information Science. - Cham : Springer. - 9783030507312 ; , s. 573-580
-
Konferensbidrag (refereegranskat)abstract
- As we spend a considerable amount of time on various user interfaces, it often requires to provide consent for grating privileges. This article addresses the opportunity for providing conditional consent which could potentially aid the user in understanding consequences, making informed decisions, and gaining trust in data sharing. We introduce an indecisive state of mind before consenting to policies, that will enable consumers to evaluate data services before fully committing to their data sharing policies. We discuss usability, regulatory, social, individual and economic aspects for inclusion of partial commitment within the context of an user interface for consent management. Then, we look into the possibilities to integrate it within the permission granting mechanism of Android by introducing an additional button in the interface—Maybe. This article also presents a design for such implementation, demonstrates feasibility by showcasing a prototype built on Android platform, and elaborates on a planned user study to determine feasibility, usability, and user expectation.
|
|
| 16958. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Smartphone-Apps unter Beobachtung
- 2020
-
Ingår i: digma - Zeitschrift für Datenrecht und Informationssicherheit. - Zürich (CH) : Schulthess Juristische Medien AG. - 1424-9944. ; 20:3, s. 152-155
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract
- Smartphones mit Android-Betriebssystem haben ein Zugriffskontrollsystem, welches auf Zugriffsrechten – zugeteilt per App – basiert. Damit werden Zugriffe von Android-Anwendungen Dritter auf kritische Ressourcen einschränkt. Einige dieser Rechte – von Google als sogenannte «dangerous permissions» definiert – bedürfen vor ihrer Aktivierung der Zustimmung des Nutzers. Dies geschieht durch ein Anklicken einer Zustimmung nach Start der App. Danach kann die App nach Belieben auf die jeweilige Datenquelle, beispielsweise Standortdaten (GPS), Kamera, Telefonstatus oder Adressbuch, zugreifen. Verlangt eine App Zugriff beispielsweise auf das Adressbuch, so muss vom Nutzer der Adressbuch-Zugriff beim ersten Versuch genehmigt werden. Diese Genehmigung wird dann ohne zeitliche Einschränkung in der App für zukünftige Zugriffe hinterlegt.Eine Verweigerung der Rechte in den Einstellungen führt oft zu Fehlfunktionen der Apps.Laufzeitberechtigungen werden auf Gruppenbasis erteilt. Um zum Beispiel Bluetooth verwenden zu können, wie es die Covid App benötigt, muss der Nutzer die Zustimmung zur Gruppe «Standort» geben. Wenn eine Anwendung erneut Laufzeitberechtigungen anfordert, die sich auf dieselbe Berechtigungsgruppe beziehen, werden, sobald eine davon erteilt ist, auch alle anderen erteilt. In unserer Forschung stellten wir uns die Aufgabe, die Zugriffsfrequenzen auf datenschutzrelevante Datenquellen zu messen. Ziel war die Quantifizierung des Risikos für den Nutzer und die Schaffung von Transparenz über Datensammlungen sowohl in wissenschaftlicher Perspektive also auch zur Information von Endnutzern. Im Folgenden beschreiben wir Ergebnisse und Vorgehensweise unserer Studien.
|
|
| 16959. |
- Momen, Nurul, et al.
(författare)
-
Towards Improving Privacy Awareness Regarding Apps’ Permissions
- 2017
-
Ingår i: Proceedings of the Eleventh International Conference on Digital Society and eGovernments – ICDS 2017. - : International Academy, Research and Industry Association (IARIA). - 9781612085371 ; , s. 18-23
-
Konferensbidrag (refereegranskat)
|
|
| 16960. |
- Momen, Nurul, et al.
(författare)
-
Towards Improving Privacy Awareness Regarding Apps' Permissions
- 2017
-
Ingår i: ICDS 2017: THE ELEVENTH INTERNATIONAL CONFERENCE ON DIGITAL SOCIETY. - : International Academy, Research and Industry Association (IARIA). - 9781612085371 ; , s. 18-23
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- Empirical studies show that the flow of personal information through mobile apps made devices vulnerable in terms of privacy. Cumbersome and inconvenient representation of privacy notice encourages the user to ignore it and disclose sensitive private information unintentionally. Hence, summarized permissions are presented on mobile devices and users tend to overlook them as well. Rigid structure for using a service and inherited behavior from desktop applications to accept everything are the reasons behind compelling the user to proceed without paying any attention. Complex permission based structure is also a major impediment for consumers that makes it difficult to perceive appropriate consequences of their decisions. We argue that as privacy strongly depends on individual perception, the key to educate and empower users is to providing them with transparency of what is happening on their smartphones. In consequence we suggest a convenient, transparent and proactive approach to help in understanding and deciding upon privacy implications of apps. We propose a scale that has scalability within itself. We implement this method within a tool, named Aware, that presents the summary of what applications are installed on a smartphone, which resources they access, and what are the reasons for that. Moreover, the tool is capable of nudging the user when certain sensitive data is accessed.
|
|
