Paul Gerber
Karen Renaud
Abstract
A smartphone is an indispensible device that also holds a great deal of personal and private data. Contact details, party or holiday photos and emails --- all carried around in our pockets and easily lost. On Android, the most widely-used smartphone operating system, access to this data is regulated by permissions. Apps request these permissions at installation, and they ideally only ask for permission to access data they really need to carry out their functions. The user is expected to check, and grant, requested permissions before installing the app. Their privacy can potentially be violated if they fail to check the permissions carefully. In June 2014 Google changed the Android permission screen, perhaps attempting to improve its usability. Does this mean that all is well in the Android eco-system, or was this update a retrograde move? This article discusses the new permission screen and its possible implications for smartphone owner privacy.
- Android.com. Manifest.permission. Retrieved December 15th, 2014. http://developer.android.com/reference/android/Manifest.permission.html.Google Scholar
- androidnext. Google Play Store: Jüngstes Update sorgt für laxere Handhabung von App-Berechtigungen. Retrieved December 1st, 2014. http://www.androidnext.de/news/google-play-store-juengstes-update-sorgt-fuer-laxere-handhabung-von-app-berechtigungen/.Google Scholar
- areamobile. Google erschwert Prüfen von App-Berechtigungen. Retrieved October 1st, 2014. http://www.areamobile.de/news/27347-android-google-erschwert-pruefen-von-app-berechtigungen.Google Scholar
- S. Egelman, J. Tsai, L. F. Cranor, and A. Acquisti. Timing is everything? In Proceedings of the 27th international conference on Human factors in computing systems - CHI 09, page 319, New York, New York, USA, 2009. ACM Press. Google ScholarDigital Library
- Fachbereich Informatik Technische Universität Darmstadt. Forschungsgruppe Security, Usability and Society: Privacy friendly QR Scanner App. Retrieved December 15th, 2014. https://www.secuso.informatik.tu-darmstadt.de/de/research/results/privacy-friendly-qr-scanner-app/.Google Scholar
- A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, page 627, 2011. Google ScholarDigital Library
- A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. In Symposium on Usable Privacy and Security (SOUPS) 2012, Washington, DC, USA, 2012. Google ScholarDigital Library
- golem.de. Android-Apps erhalten leichter mehr Berechtigungen. Retrieved October 1st, 2014. http://www.golem.de/news/google-play-store-android-apps-erhalten-leichter-mehr-berechtigungen-1406-106856.html.Google Scholar
- Google. Check app permissions. Retrieved September 29th, 2014. https://support.google.com/googleplay/answer/6014972?hl=dehttps://support.google.com/googleplay/answer/6014972?hl=de.Google Scholar
- M. Harbach, M. Hettig, S. Weber, and M. Smith. Using personal examples to improve risk communication for security & privacy decisions. Proceedings of the 32nd annual ACM conference on Human factors in computing systems - CHI '14, pages 2647--2656, 2014. Google ScholarDigital Library
- heise online. Play Store ermöglicht Apps mehr Rechte ohne Nachfragen. Retrieved October 1st, 2014. http://heise.de/-2211827. retrieval date: May 30, 2014.Google Scholar
- P. G. Kelley, S. Consolvo, L. F. Cranor, J. Jung, N. Sadeh, and D. Wetherall. A Conundrum of Permissions: Installing Applications on an Android Smartphone. In J. Blyth, S. Dietrich, and L. J. Camp, editors, Financial Cryptography and Data Security, volume 7398 of Lecture Notes in Computer Science, pages 68--79. Springer Berlin Heidelberg, Berlin, Heidelberg, 2012. Google ScholarDigital Library
- P. G. Kelley, L. F. Cranor, and N. Sadeh. Privacy as part of the app decision-making process. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13, page 3393, 2013. Google ScholarDigital Library
- L. Kraus, I. Wechsung, and S. Möller. Using Statistical Information to Communicate Android Permission Risks to Users. In G. Lenzini and G. Bella, editors, Proc. of 4th Int. Worshop on Socio-Technical Aspects in Security and Trust (STAST). IEEE, 2014. Google ScholarDigital Library
- H. S. L. Z. Lin, Amini. Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing. pages 501--510, 2012. Google ScholarDigital Library
- T. Vidas, N. Christin, and L. F. Cranor. Curbing Android Permission Creep. In W2SP, 2011.Google Scholar
Index Terms
- Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy
Recommendations
Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?
WWW '14: Proceedings of the 23rd international conference on World wide webAs they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. ...
"Little brothers watching you": raising awareness of data leaks on smartphones
SOUPS '13: Proceedings of the Ninth Symposium on Usable Privacy and SecurityToday's smartphone applications expect users to make decisions about what information they are willing to share, but fail to provide sufficient feedback about which privacy-sensitive information is leaving the phone, as well as how frequently and with ...
Android privacy C(R)ache: reading your external storage and sensors for fun and profit
PAMCO '16: Proceedings of the 1st ACM Workshop on Privacy-Aware Mobile ComputingAndroid's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user ...
Comments