| 1. |
- Elahi, Haroon, et al.
(författare)
-
A qualitative study of app acquisition and management
- 2024
-
Ingår i: IEEE Transactions on Computational Social Systems. - : IEEE. - 2329-924X. ; 11:2, s. 1907-1925
-
Tidskriftsartikel (refereegranskat)abstract
- Smartphone users rely on Apps for their daily lives but simultaneously struggle to protect their privacy and device security from potentially harmful and malicious Apps. However, scientific literature lacks in-depth studies mapping user struggles, factors undermining their efforts, and implications. We cover this gap by engaging 24 smartphone users in 44 interview sessions. We observe them performing different App acquisition and management tasks, seek explanations, and analyze collected data to make the following contributions. First, we develop a theoretical App acquisition and management model describing different phenomena involved in App acquisition and management in Android smartphones. Causal conditions of these phenomena and contexts, and intervening conditions influencing user strategies are discovered grounded in the data acquired through the interview sessions. It shows the challenges they face, the strategies they develop and use to deal with the faced challenges, and their consequences. Second, we systematically discover and relate different App acquisition and management concepts in 34 subcategories related to user struggles. None of the existing studies discovers, explains, and relates actual user behaviors involving this many factors in one place. Third, this research discovers six problems unaddressed by the literature: the usage of untrusted App repositories, mandatory and forced installations, the installation process changes, the Settings App complexities, the void contracts problem, and the psychological consequences of failure to protect privacy in Android phones. Finally, we provide general guidelines for users, App stores, developers, and regulators to assist them in enhancing privacy and security protection in the Android ecosystem.
|
|
| 2. |
- Elahi, Haroon, et al.
(författare)
-
Forward-porting and its limitations in fuzzer evaluation
- 2024
-
Ingår i: Information Sciences. - : Elsevier. - 0020-0255 .- 1872-6291. ; 662
-
Tidskriftsartikel (refereegranskat)abstract
- Forward-porting reintroduces previously detected and patched software bugs from older versions into later ones to create benchmarking workloads for fuzzing. These benchmarks gauge a fuzzer's performance by testing its ability to detect or trigger these bugs during a fuzzing campaign. In this study, we evaluate the reliability of forward porting in establishing dependable fuzzing benchmarks and their suitability for fair and accurate fuzzer evaluation. We utilize online resources, forward porting, fuzzing experiments, and triaging to scrutinize the workloads of a state-of-the-art fuzzing benchmark. We uncover seven factors, including software architecture changes, misconfigurations, supply chain issues, and developer errors, all of which compromise the success of forward porting. We determine that the ‘ground truth’ established through forward porting is only occasionally ‘true’ due to unaccounted-for underlying bugs in all examined software applications undergoing this process. These findings question the reliability of forward porting in generating dependable fuzzing benchmarks. Furthermore, our experimental results suggest that relying on forward porting-based ground truth and verification metrics could lead to misleading evaluations of fuzzer performance. Ultimately, we propose insights into the development of fuzzing benchmarks to ensure more dependable assessments of fuzzers.
|
|
