
A Multilateral Privacy Impact Analysis Method for Android Applications

Open Access | Dec 2022

References

  1. Achara, J.P., Roca, V., Castelluccia, C., and Francillon, A. (2016). MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs. https://doi.org/10.48550/arXiv.1605.08357
  2. Achara, J. P., Acs, G., and Castelluccia, C. (2015). On the Unicity of Smartphone Applications, In Proceedings of the 14th ACM Workshop on Privacy in the Electronic Society (WPES ‘15). Association for Computing Machinery, New York, NY, USA, 27–36. https://doi.org/10.1145/2808138.2808146
  3. Alepis, E., Patsakis, C. (2019). Unravelling Security Issues of Runtime Permissions in Android, Journal of Hardware and Systems Security (3); 45–63. https://doi.org/10.1007/s41635-018-0053-2
  4. Arp, D., Quiring, E., Wressnegger, C., and Rieck, K. (2017). Privacy Threats through Ultrasonic Side Channels on Mobile Devices, IEEE European Symposium on Security and Privacy (EuroS&P); 35-47. https://doi.org/10.1109/EuroSP.2017.33
  5. Chin, E., Felt, A.P., Sekar, V., and Wagner, D.A. (2012). Measuring user confidence in smartphone security and privacy. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ‘12). Association for Computing Machinery, New York, NY, USA (Article 1); 1–16. https://doi.org/10.1145/2335356.2335358
  6. Benenson, Z., Kroll-Peters, O., and Krupp, M. (2012). Attitudes to IT Security when Using a Smartphone, Federated Conference on Computer Science and Information Systems (FedCSIS); 1179–1183.
  7. Blumberg, A.J. and Eckersley, P. (2009). On locational privacy, and how to avoid losing it forever, Electronic Frontier Foundation. [cited 2021 June 22]. Available from: https://www.eff.org/files/eff-locational-privacy.pdf.
  8. Book, T., Pridgen, A., and Wallach, D. S. (2013) Longitudinal analysis of Android ad library permissions. In Mobile Security Technologies (MoST), San Francisco, CA. https://doi.org/10.48550/arXiv.1303.0857
  9. Cavoukian, A. (2010). Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D, vol 3 (2); 247–251. Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ‘12). Association for Computing Machinery, New York, NY, USA (Article 1); 1–16. https://doi.org/10.1007/s12394-010-0062-y
  10. Blumberg, A.J. and Eckersley, P. (2009). On locational privacy, and how to avoid losing it forever, Electronic Frontier Foundation. [cited 2021 June 22]. Available from: https://www.eff.org/files/eff-locational-privacy.pdf.
  11. Egele, M., Brumley, D., Fratantonio, Y., and Kruegel, C. (2013). An empirical study of cryptographic misuse in android applications. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS ‘13), Association for Computing Machinery, New York, NY, USA; 73–84. https://doi.org/10.1145/2508859.2516693
  12. Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. (2019). TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones, In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation; 393-407. https://doi.org/10.1145/2494522
  13. Enck, W., Octeau, D., McDaniel, P., and Chaudhuri, S. (2011). A Study of Android Application Security. Proceedings of the 20th USENIX Security Symposium, San Francisco, CA; 10-12.
  14. Enck, W., Ongtang, M., Mcdaniel, P. (2009). On lightweight mobile phone application certification, In Proceedings of the 16th ACM conference on Computer and communications security (CCS ‘09), Association for Computing Machinery, New York, NY, USA; 235–245. https://doi.org/10.1145/1653662.1653691
  15. EU General Data Protection Regulation; 2016 [cited 2021 Aug 8]. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679-20160504.
  16. Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., and Smith, M. (2012). Why eve and mallory love android: an analysis of android SSL (in)security, In Proceedings of the 2012 ACM conference on Computer and communications security (CCS ‘12), Association for Computing Machinery, New York, NY, USA; 50–61. https://doi.org/10.1145/2382196.2382205
  17. Felt, A. P., Egelman, S., and Wagner, D. (2012). I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns, In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices (SPSM ‘12), Association for Computing Machinery, New York, NY, USA; 33–44. https://doi.org/10.1145/2381934.2381943
  18. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. (2012). Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ‘12). Association for Computing Machinery, New York, NY, USA, Article 3; 1–14. https://doi.org/10.1145/2335356.2335360
  19. Fife, E., and Orjuela, J. (2012). The Privacy Calculus: Mobile Apps and User Perceptions of Privacy and Security, International Journal of Engineering Business Management. 5(6); 7. https://doi.org/10.5772%2F51645
  20. Fritsch, L. and Momen, N. (2017). Derived Partial Identities Generated from App Permissions, In: Fritsch, L., Roßnagel, H. and Hühnlein, D. (Hrsg.), Open Identity Summit 2017, Gesellschaft für Informatik, Bonn; 117-130.
  21. Fritsch, L., and Abie, H. (2008). Towards a Research Road Map for the Management of Privacy Risks in Information Systems, In: Alkassar, A. & Siekmann, J. (Hrsg.), SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI). Bonn: Gesellschaft für Informatik e. V; 1-15.
  22. Gadaleta, M., and Rossi, M. (2018). IDNet: Smartphone-based Gait Recognition with Convolutional Neural Networks; 25-37. https://doi.org/10.48550/arXiv.1606.03238; https://doi.org/10.1016/j.patcog.2017.09.005
  23. Google Developers (2021). Permissions on Android; [cited 2021 Oct 9]. Available from: https://developer.android.com/guide/topics/permissions/overview/.
  24. Google-play-scraper 1.0.2; 2021 [cited 2021 Nov 8]. Available from: https://pypi.org/project/google-play-scraper/
  25. Habib, S.M., Alexopoulos, N., Islam, M.M., Heider, J., Marsh, S., and Mühlhäuser, M. (2018). Trust4App: Automating Trustworthiness Assessment of Mobile Applications, 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE); 124-135. https://doi.org/10.1109/TrustCom%2FBigDataSE.2018.00029
  26. Hatamian, M. (2020). Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers, in IEEE Access, vol. 8; 35429-35445. https://doi.org/10.1109/ACCESS.2020.2974911
  27. Hatamian, M., Serna, J., Rannenberg, K., and Igler, B. (2017). FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps, In J. Lopez, S. Fischer-Hübner, & C. Lambrinoudakis (Eds.), Trust, Privacy and Security in Digital Business: 14th International Conference, TrustBus 2017, Lyon, France, Vol. 10442; pp. 3-18. https://doi.org/10.1007/978-3-319-64483-7_1
  28. Ibrar F., Saleem H., Castle S., Malik M. Z. (2017). A Study of Static Analysis Tools to Detect Vulnerabilities of Branchless Banking Applications in Developing Countries, In Proceedings of the Ninth International Conference on Information and Communication Technologies and Development (ICTD ‘17), Association for Computing Machinery, New York, NY, USA, Article 30; 1–5. https://doi.org/10.1145/3136560.3136595
  29. Isaak, J. and Hanna, M. J. (2018). User Data Privacy: Facebook, Cambridge Analytica, and Privacy Protection, in Computer, vol. 51 (8); 56-59. https://doi.org/10.1109/MC.2018.3191268
  30. Jain, A.K. and Shanbhag, D. (2012). Addressing Security and Privacy Risks in Mobile Applications. IT Professional, 14; 28-33. https://doi.org/10.1109/MITP.2012.72
  31. Knorr K., Aspinall D., and Wolters M. (2015). On the privacy, security and safety of blood pressure and diabetes apps. In: IFIP International Information Security and Privacy Conference. Springer; 571–584. https://doi.org/10.1007/978-3-319-18467-8_38
  32. Kuehnhausen, M., and Frost, V.S. (2013). Trusting smartphone Apps? To install or not to install, that is the question. 2013 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA); 30-37. https://doi.org/10.1109/CogSIMA.2013.6523820
  33. Kurtz, A., Gascon, H., Becker, T., Rieck, K. and Freiling, F. (2015). Fingerprinting Mobile Devices Using Personalized Configurations, Proceedings on Privacy Enhancing Technologies, Vol.2016 (Issue 1); 4-19. http://dx.doi.org/10.1515/popets-2015-0027
  34. Leibenger, D., Möllers, F., Petrlic, A., Petrlic, R. and Sorge, C. (2016). Privacy Challenges in the Quantified Self Movement – An EU Perspective, Proceedings on Privacy Enhancing Technologies, Vol.2016 (Issue 4); 315-334. http://dx.doi.org/10.1515/popets-2016-0042
  35. Leontiadis, I., Efstratiou, C., Picone, M., and Mascolo, C. (2012). Don’t kill my ads! balancing privacy in an ad-supported mobile application market, In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications (HotMobile ‘12), Association for Computing Machinery, New York, NY, USA, Article 2; 1–6. http://dx.doi.org/10.1145/2162081.2162084
  36. Lin, J., Amini, S., Hong, J. I., Sadeh, N., Lindqvist, J., and Zhang, J. (2012). Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp ‘12), Association for Computing Machinery, New York, NY, USA; 501–510. http://dx.doi.org/10.1145/2370216.2370290
  37. Lin, J. (2013). Understanding and capturing people’s mobile app privacy preferences, Ph.D. Dissertation, Carnegie Mellon University, PA, USA; No. CMU-CS-13-127.
  38. McDonald, A. M., and Cranor, L. F. (2008). The Cost of Reading Privacy Policies, I/S: A Journal of Law and Policy for the Information Society, 4(3); 540–565.
  39. Melicher, W., Kurilova, D., Segreti, S. M., Kalvani, P., Shay, R., Ur, B., Bauer, L., Christin, N., Cranor, L. F., and Mazurek, M. L. (2016). Usability and Security of Text Passwords on Mobile Devices, In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI ‘16), Association for Computing Machinery, New York, NY, USA; 527–539. https://doi.org/10.1145/2858036.2858384
  40. Mell, P., Scarfone, K., and Romanosky, S. (2007). A Complete Guide to the Common Vulnerability Scoring System Version 2.0. FIRST-Forum of Incident Response and Security Teams; 1-23.
  41. Mobile Security Framework; 2020 [cited 2021 Oct 17]. Available from: https://github.com/MobSF/Mobile-Security-Framework-MobSF.
  42. Momen, N. and Fritsch, L. (2020). App-generated digital identities extracted through Android permission-based data access - a survey of app privacy, In: Reinhardt, D., Langweg, H., Witt, B. C. and Fischer, M. (Hrsg.), SICHERHEIT 2020. Bonn: Gesellschaft für Informatik e.V; 15-28. https://doi.org/10.18420/sicherheit2020_01
  43. Mylonas, A., Kastania, A., Gritzalis, D. (2012). Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34; 47–66. https://doi.org/10.1016/j.cose.2012.11.004
  44. Nigeria Data Protection Regulation; 2019 [cited 2021 Aug 8]. Available from: https://ndpr.nitda.gov.ng/Content/Doc/NigeriaDataProtectionRegulation.pdf.
  45. Olejnik, L., Acar, G., Castelluccia, C., and Díaz, C. (2015). The Leaking Battery: A Privacy Analysis of the HTML5 Battery Status API, Lecture Notes in Computer Science, vol. 9481; 254–263. https://doi.org/10.1007/978-3-319-29883-2_18
  46. Paintsil, E., and Fritsch, L. (2011). A Taxonomy of Privacy and Security Risks Contributing Factors. 6th International Summer School Conference on Privacy and Identity Management for Life, Aug 2010, Helsingborg, Sweden; 52-63. http://dx.doi.org/10.1007/978-3-642-20769-3_5
  47. Paintsil, E., and Fritsch, L. (2013). Executable Model-Based Risk Analysis Method for Identity Management Systems : Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems, Trust, Privacy, and Security in Digital Business : 10th International Conference, TrustBus 2013, Prague, Czech Republic; 48–61. https://doi.org/10.1007/978-3-642-40343-9_5
  48. Papageorgiou, A., Strigkos, M., Politou, E.A., Alepis, E., Solanas, A., and Patsakis, C. (2018). Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice, vol. 6; 9390-9403. https://doi.org/10.1109/access.2018.2799522
  49. Qian, K., Parizi, R.M., and Lo, D.C. (2018). OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development, In 2018 IEEE Conference on Dependable and Secure Computing (DSC); 1-2. https://doi.org/10.1109/DESEC.2018.8625114
  50. Reidenberg, J.R., Breaux, T., Cranor, L.F. and French, B. (2015). Disagreeable privacy policies: Mismatches between meaning and users’ understanding. Berkeley Technology Law Journal 30(1); 39–68.
  51. Ryan, F., Fritz, A., Impiombato, D., and Australian Strategic Policy Institute, International Cyber Policy Centre, issuing body. (2020). TikTok & Wechat : curating and controlling global information flows Australian Strategic Policy Institute, Barton, Australian Capital Territory [cited 2021 Jun 17]. Available from: http://www.jstor.org/stable/resrep26120.7.
  52. Seneviratne, S., Seneviratne, A., Mohapatra, P., and Mahanti, A. (2014). Predicting user traits from a snapshot of apps installed on a smartphone. SIGMOBILE Mob. Comput. Commun. Rev. 18 (2); 1–8. http://dx.doi.org/10.1145/2636242.2636244
  53. Solove, D.J. (2011). Nothing to Hide: The False Tradeoff between Privacy and Security. Yale University Press.
  54. Statista (2021). Number of apps available in leading app stores as of 1st quarter 2021; [cited 2021 Jun 17]. Available from: https://www.statista.com/statistics/276623/number-ofapps-available-in-leading-app-stores.
  55. Turner, B. (2021). Mobile App Download and Usage Statistics; [cited 2021 Jun 17]. Available from: https://www.bankmycell.com/blog/how-many-phones-are-in-the-world.
  56. Vallina-Rodriguez, N., Sundaresan, S., Razaghpanah, A., Nithyanand, R., Allman, M., Kreibich, C., and Gill, P. (2016). Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem. https://doi.org/10.48550/arXiv.1609.07190
  57. Zhang Y., Yang Y., and Wang X. (2018). A Novel Android Malware Detection Approach Based on Convolutional Neural Network, In Proceedings of the 2nd International Conference on Cryptography, Security and Privacy (ICCSP 2018). Association for Computing Machinery, New York, NY, USA; 144–149. https://doi.org/10.1145/3199478.3199492
  58. Zou, Y., Zhu, J., Wang, X., and Hanzo, L. (2016). A Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends, Proceedings of the IEEE, 104; 1727-1765. https://doi.org/10.1109/JPROC.2016.2558521
Language: English
Page range: 1 - 20
Submitted on: Apr 12, 2022
Accepted on: Jun 26, 2022
Published on: Dec 23, 2022
Published by: Sciendo
In partnership with: Paradigm Publishing Services
Publication frequency: 2 issues per year

© 2022 Kelly E. Orjiude, Chika O. Yinka-Banjo, published by Sciendo
This work is licensed under the Creative Commons Attribution 4.0 License.