PUPDroid - Personalized user privacy mechanism for android

Melo, Leonardo Leite de; Zorzo, Sergio Donizetti

doi:10.1109/icsmc.2012.6377944

Cited by 6 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All applications wishing to share a UID must be signed by the same developer key, and these share access to the same protected data files, as private data files created by the application are owned by the UID of the application, which is in this case shared between a group of applications. [9] One additional feature of the shared UID facility on Android is the ability for permissions to be shared between different packages using the same UID. [8] In this manner, it is possible for an application with no permissions, which shares a UID with a privileged application, to make use of these privileged permissions, without itself requesting these permissions.…”

Section: Methodsmentioning

confidence: 99%

“…A similar approach was proposed by Melo and Zorzo in [9], where users are able to control and personalise their own settings for privacy, after installation, using their PUPDroid framework. As with the MockDroid proposal, this technique requires modifications to be made to the Android operating system, in order to enforce the user's selections.…”

Section: Run-time Granulatitymentioning

confidence: 99%

See 1 more Smart Citation

Achieving Optional Android Permissions without Operating System Modifications

Paul

Irvine

2015

2015 IEEE 81st Vehicular Technology Conference (VTC Spring)

View full text Add to dashboard Cite

Since the release of the open-source Android operating system in 2009, considerable research has been carried out into various factors affecting the security and privacy of user data. As these devices become more widespread in usage, such as in vehicles with the announcement of Android Auto, the need for users to have control over the data available to applications is becoming important. A recurring theme from other works into this topic is that a more granular permissions model for Android applications would be beneficial, allowing users to understand which permissions their apps actually need, and to make decisions, rather than be forced to accept all of the requested permissions. A number of effective solutions have been presented, but these have required modifications be made to the core operating system, to enforce the existence of these new, optional permissions. We present an approach which permits an application developer to add optional permissions to their application, without any modifications being made to the underlying operating system. By not requiring rooting or other modifications to the device, this technique makes use of native Android functionality, and thus should remain operative between Android versions (which are increasingly difficult to gain root access on), unlike alternative techniques.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Run-time Granulatitymentioning

confidence: 99%

Achieving Optional Android Permissions without Operating System Modifications

Paul

Irvine

2015

2015 IEEE 81st Vehicular Technology Conference (VTC Spring)

View full text Add to dashboard Cite

show abstract

“…To address this problem, many fine-grained solutions have been proposed for users to communicate their privacy preferences to the service provider (e.g. [2,15,16,31,42,49,75,80,85,119]). In fact, there is evidence that when given a choice, users prefer to exercise fine-grained control and select the data they are happy to share, rather than refuse to share any data at all.…”

Section: Privacy Managementmentioning

confidence: 99%

Automated privacy negotiations with preference uncertainty

Filipczuk

Baarslag

Gerding

et al. 2022

Auton Agent Multi-Agent Syst

View full text Add to dashboard Cite

Many service providers require permissions to access privacy-sensitive data that are not necessary for their core functionality. To support users’ privacy management, we propose a novel agent-based negotiation framework to negotiate privacy permissions between users and service providers using a new multi-issue alternating-offer protocol based on exchanges of partial and complete offers. Additionally, we introduce a novel approach to learning users’ preferences in negotiation and present two variants of this approach: one variant personalised to each individual user, and one personalised depending on the user’s privacy type. To evaluate them, we perform a user study with participants, using an experimental tool installed on the participants’ mobile devices. We compare the take-it-or-leave-it approach, in which users are required to accept all permissions requested by a service, to negotiation, which respects their preferences. Our results show that users share personal data 2.5 times more often when they are able to negotiate while maintaining the same level of decision regret. Moreover, negotiation can be less mentally demanding than the take-it-or-leave-it approach and it allows users to align their privacy choices with their preferences. Finally, our findings provide insight into users’ data sharing strategies to guide the future of automated and negotiable privacy management mechanisms.

show abstract