Relationship between User Privacy and Application Permissions in Smartphone Platforms

摘要

Smartphone devices running mobile operating systems are an integral part of society. Smartphone devices are used every day for communication, work purposes, online banking, shopping, and getting information, etc. There is a perception that smartphones are immune from malware and attacks, but they introduce a lot of potential privacy risks to end-users. Smartphone capabilities that can be misused include access to sensitive information such as the International Mobile Equipment Identity (IMEI) phone identifier, location tracking, and Short Message Service (SMS) privileges, which may cost the user money.;This research presents a systematic study, which identifies potential attacks and threats, and introduces a new detection method that uses machine learning models to classify apps into safe, benign, and malicious categories. The goal is to explore and quantify the relationship between app permissions and user privacy. This research would also provide a novel method to measure the severity of user privacy violation.;Previous work in malicious app detection considered just one or two features, such as the category to which each app belongs and if there are more app permissions than required, but they never considered the impact of app permissions on smartphone malware and ad networks. Also, a lot of research has been conducted on identifying if there is information leakage that apps can conduct, but to the best of my knowledge there is not a formal method to measure user privacy violation. It occurs when the user is not notified about the resources or information accessed and if the information is misused when stored in third-party servers.;The present research addresses these issues. In addition, this study develops the Android Application Permission Manager (AAPM) privacy app which would inform users about (1) over-privileged app permissions, (2) the number of ad networks associated with each app, (3) potential privacy threats that each app permission can expose the user to, and (4) how to provide a balance between app functionality and protection of the user privacy.