Styx: Privacy risk communication for the Android smartphone platform based on apps' data-access behavior patterns

Bal, Gökhan; Rannenberg, Kai; Hong, Jason I.

doi:10.1016/j.cose.2015.04.004

Cited by 18 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Different methods are used to validate the working and behaviors of Android apps to prevent them from misbehaving or risking user privacy and device security. Misalignments in their descriptions and permission requirements, unnecessary use of Android permissions and sensitive Application Programming Interfaces (APIs), app collusions, and use of framing effect are some of the known indicators for intrusive apps [31,[39][40][41][42][43][44][45][46][47]. Apps should also put adequate privacy protection and security controls in place [48].…”

Section: Transparency and Accountability In Android Appsmentioning

confidence: 99%

“…App permissions are central to many risk evaluation models. For example, the authors of [39,[44][45][46] used app permissions to determine its access to sensitive user data and critical device features for calculating app risks. As Android uses a privacy self-management model and users grant or deny different permissions to an app after evaluating the costs and benefits of a function that the app is offering, users are supposed to be familiar with the sensitivity of different permissions [64].…”

Section: Designmentioning

confidence: 99%

See 1 more Smart Citation

On Transparency and Accountability of Smart Assistants in Smart Cities

et al. 2019

View full text Add to dashboard Cite

Smart Assistants have rapidly emerged in smartphones, vehicles, and many smart home devices. Establishing comfortable personal spaces in smart cities requires that these smart assistants are transparent in design and implementation—a fundamental trait required for their validation and accountability. In this article, we take the case of Google Assistant (GA), a state-of-the-art smart assistant, and perform its diagnostic analysis from the transparency and accountability perspectives. We compare our discoveries from the analysis of GA with those of four leading smart assistants. We use two online user studies (N = 100 and N = 210) conducted with students from four universities in three countries (China, Italy, and Pakistan) to learn whether risk communication in GA is transparent to its potential users and how it affects them. Our research discovered that GA has unusual permission requirements and sensitive Application Programming Interface (API) usage, and its privacy requirements are not transparent to smartphone users. The findings suggest that this lack of transparency makes the risk assessment and accountability of GA difficult posing risks to establishing private and secure personal spaces in a smart city. Following the separation of concerns principle, we suggest that autonomous bodies should develop standards for the design and development of smart city products and services.

show abstract

Section: Transparency and Accountability In Android Appsmentioning

confidence: 99%

Section: Designmentioning

confidence: 99%

On Transparency and Accountability of Smart Assistants in Smart Cities

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The analyses shows that two-third of the apps show suspicious handling of sensitive data and that 15 of them reported users' location to remote advertising servers. Styx [35] is the name of a conceptual model which is based on TaintDroid. Styx is aimed to efficiently communicate the privacy impacts of smartphone apps to its users.…”

Section: Smartphone Application Behavior Analysismentioning

confidence: 99%

A Two-Pillar Approach to Analyze the Privacy Policies and Resource Access Behaviors of Mobile Augmented Reality Applications

Harborth¹,

Hatamian²,

Tesfay³

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

Augmented reality (AR) gained much public attention since the success of Pokémon Go in 2016. Technology companies like Apple or Google are currently focusing primarily on mobile AR (MAR) technologies, i.e. applications on mobile devices, like smartphones or tablets. Associated privacy issues have to be investigated early to foster market adoption. This is especially relevant since past research found several threats associated with the use of smartphone applications. Thus, we investigate two of the main privacy risks for MAR application users based on a sample of 19 of the most downloaded MAR applications for Android. First, we assess threats arising from bad privacy policies based on a machine-learning approach. Second, we investigate which smartphone data resources are accessed by the MAR applications. Third, we combine both approaches to evaluate whether privacy policies cover certain data accesses or not. We provide theoretical and practical implications and recommendations based on our results.

show abstract

“…The issue of defining a better way to communicate privacy-related information to assist users' decision-making is addressed in Bal et al [4,5]. Reflecting upon "privacy consequences" and echoing the problematic nature of "second-order privacy risks" with the aforementioned Keith et al [24], the researchers argue that communicating privacy outcomes from privacy-related actions to mobile users should facilitate better decisions.…”

Section: Achievementsmentioning

confidence: 99%

“…In order to include various effects of internal and external factors influencing decisionmaking 5 , as well as different interdependencies, we can try a broader model of cognitionone that simulates dynamic cognitive processes as functions in a system, consisting of input and data acquisition, memory, attention, decision-making, and output generation. The modelling of complex cognitive phenomena is widely and rigorously addressed in cognitive architectures.…”

Section: Opportunity For Future Research: Cognitive Architecturesmentioning

confidence: 99%

Towards a Broadening of Privacy Decision-Making Models: The Use of Cognitive Architectures

Shulman

2018

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Over the last decades, people's behaviour and attitudes towards privacy have been thoroughly studied by scholars, approaching the issue from different perspectives. To address privacy-related decisions, it is necessary to consider aspects of human cognition, employing, for instance, methods used in Human-Computer Interaction and Information Science research. This paper analyses findings and contributions of existing privacy decision-making research, and suggests filling gaps in current understanding by applying a cognitive architecture framework to model privacy decision-making. This may broaden the range of factors and their relationships that can be integrated into the models of privacy decisions, beyond those in existing decision models.

show abstract

Styx: Privacy risk communication for the Android smartphone platform based on apps' data-access behavior patterns

Cited by 18 publications

References 8 publications

On Transparency and Accountability of Smart Assistants in Smart Cities

On Transparency and Accountability of Smart Assistants in Smart Cities

A Two-Pillar Approach to Analyze the Privacy Policies and Resource Access Behaviors of Mobile Augmented Reality Applications

Towards a Broadening of Privacy Decision-Making Models: The Use of Cognitive Architectures

Contact Info

Product

Resources

About