Skip to main content

Research Repository

Advanced Search

To allow, or deny? That is the question

Andriotis, Panagiotis; Takasu, Atsuhiro

Authors

Profile Image

Dr Panos Andriotis Panagiotis.Andriotis@uwe.ac.uk
Senior Lecturer in Computer Forensics and Security

Atsuhiro Takasu



Abstract

The Android ecosystem is dynamic and diverse. Controls have been set in place to allow mobile device users to regulate exchanged data and restrict apps from accessing sensitive personal information and system resources. Modern versions of the operating system implement the run-time permission model which prompts users to allow access to protected resources the moment an app attempts to utilize them. It is assumed that, in general, the run-time permission model, compared to its predecessor, enhances users' security awareness. In this paper we show that installed apps on Android devices are able to employ the systems' public assets and extract users' permission settings. Then we utilize permission data from 71 Android devices to create privacy profiles based on users' interaction with permission dialogues initiated by the system during run-time. Therefore, we demonstrate that any installed app that runs on the foreground can perform an endemic live digital forensic analysis on the device and derive similar privacy profiles of the user. Moreover, focusing on the human factors of security, we show that although in theory users can control the resources they make accessible to apps, they eventually fail to successfully recall these settings, even for the apps that they regularly use. Finally, we briefly discuss our findings derived from a pen-and-paper exercise showcasing that users are more likely to allow apps to access their location data on contemporary mobile devices (running version Android 10).

Citation

Andriotis, P., & Takasu, A. (2020). To allow, or deny? That is the question. In HCI for Cybersecurity, Privacy and Trust. , (287-304). https://doi.org/10.1007/978-3-030-50309-3_20

Conference Name 22nd International Conference on Human-Computer Interaction
Start Date Jul 19, 2020
End Date Jul 24, 2020
Acceptance Date Nov 25, 2019
Online Publication Date Jul 10, 2020
Publication Date Jul 10, 2020
Deposit Date Jan 31, 2020
Publicly Available Date Jul 11, 2021
Publisher Springer Verlag
Volume 12210 LNCS
Pages 287-304
Series Title Lecture Notes in Computer Science
Book Title HCI for Cybersecurity, Privacy and Trust
ISBN 9783030503086
DOI https://doi.org/10.1007/978-3-030-50309-3_20
Keywords Human factors, Live analysis, Mobile computing, User profiling, Location, Android 10
Public URL https://uwe-repository.worktribe.com/output/5297505

Files

This file is under embargo until Jul 11, 2021 due to copyright reasons.

Contact Panagiotis.Andriotis@uwe.ac.uk to request a copy for personal use.




You might also like



Downloadable Citations