To see the other types of publications on this topic, follow the link: APP PERMISSION.
Journal articles on the topic 'APP PERMISSION'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'APP PERMISSION.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Xu, Guosheng, Shengwei Xu, Chuan Gao, Bo Wang, and Guoai Xu. "PerHelper: Helping Developers Make Better Decisions on Permission Uses in Android Apps." Applied Sciences 9, no. 18 (September 5, 2019): 3699. http://dx.doi.org/10.3390/app9183699.
Full textAbstract:
Permission-related issues in Android apps have been widely studied in our research community, while most of the previous studies considered these issues from the perspective of app users. In this paper, we take a different angle to revisit the permission-related issues from the perspective of app developers. First, we perform an empirical study on investigating how we can help developers make better decisions on permission uses during app development. With detailed experimental results, we show that many permission-related issues can be identified and fixed during the application development phase. In order to help developers to identify and fix these issues, we develop PerHelper, an IDEplugin to automatically infer candidate permission sets, which help guide developers to set permissions more effectively and accurately. We integrate permission-related bug detection into PerHelper and demonstrate its applicability and flexibility through case studies on a set of open-source Android apps.
2
Naga Malleswari, D., A. Dhavalya, V. Divya Sai, and K. Srikanth. "A detailed study on risk assessment of mobile app permissions." International Journal of Engineering & Technology 7, no. 1.1 (December 21, 2017): 297. http://dx.doi.org/10.14419/ijet.v7i1.1.9706.
Full textAbstract:
Mobile phone have user’s personal and private information. When mobile applications have the permission to access to this information they may leak it to third parties without user’s consent for their own benefits. As users are not aware of how their personal information would be used once applications are installed and permissions are granted, this raises a potential privacy concern. Therefore, there is a need for a risk assessment model that can intimate the users about the threats the mobile application poses to the user's private information. We propose an approach that helps in increasing user’s awareness of the privacy risk involved with granting permissions to Android applications. The proposed model focuses on the requested permissions of the application and determines the risk based on the permission set asked and gives a risk score.
3
Ullah, Salim, Muhammad Sohail Khan, Choonhwa Lee, and Muhammad Hanif. "Understanding Users’ Behavior towards Applications Privacy Policies." Electronics 11, no. 2 (January 13, 2022): 246. http://dx.doi.org/10.3390/electronics11020246.
Full textAbstract:
Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.
4
Onik, Md Mehedi Hassan, Chul-Soo Kim, Nam-Yong Lee, and Jinhong Yang. "Personal Information Classification on Aggregated Android Application’s Permissions." Applied Sciences 9, no. 19 (September 24, 2019): 3997. http://dx.doi.org/10.3390/app9193997.
Full textAbstract:
Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.
5
Paul, Nishtha, Arpita Jadhav Bhatt, Sakeena Rizvi, and Shubhangi. "Malware Detection in Android Apps Using Static Analysis." Journal of Cases on Information Technology 24, no. 3 (July 2022): 1–25. http://dx.doi.org/10.4018/jcit.20220701.oa6.
Full textAbstract:
Frequency of malware attacks because Android apps are increasing day by day. Current studies have revealed startling facts about data harvesting incidents, where user’s personal data is at stake. To preserve privacy of users, a permission induced risk interface MalApp to identify privacy violations rising from granting permissions during app installation is proposed. It comprises of multi-fold process that performs static analysis based on app’s category. First, concept of reverse engineering is applied to extract app permissions to construct a Boolean-valued permission matrix. Second, ranking of permissions is done to identify the risky permissions across category. Third, machine learning and ensembling techniques have been incorporated to test the efficacy of the proposed approach on a data set of 404 benign and 409 malicious apps. The empirical studies have identified that our proposed algorithm gives a best case malware detection rate of 98.33%. The highlight of interface is that any app can be classified as benign or malicious even before running it using static analysis.
6
Naderi, Hamid, and Behzad Kiani. "Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps." Frontiers in Health Informatics 9, no. 1 (September 2, 2020): 41. http://dx.doi.org/10.30699/fhi.v9i1.224.
Full textAbstract:
Introduction: In this study, Persian Android mobile health (mhealth) applications were studied to describe usage of dangerous permissions in health related mobile applications. So the most frequently normal and dangerous permissions used in mhealth applications were reviewed.Materials and Methods: We wrote a PHP script to crawl information of Android apps in “health” and “medicine” categories from Cafebazaar app store. Then permission information of these application were extracted.Results: 11627 permissions from 3331 studied apps were obtained. There was at least one dangerous permission in 48% of reviewed apps. 41% of free applications, 53% of paid applications and 71% of in-purchase applications contained dangerous permissions. 1321 applications had writing permission to external storage of phone (40%), 1288 applications had access to read from external storage (39%), 422 applications could read contact list and ongoing calls (13%) and 188 applications were allowed to access phone location (5%).Conclusion: Most of Android permissions are harmless but significant number of the apps have at least one dangerous permission which increase the security risk. So paying attention to the permissions requested in the installation step is the best way to ensure that the application installed on your phone can only access what you want.
7
Xiong, Aiping, Huangyi Ge, Wanling Zou, Ninghui Li, and Robert W. Proctor. "Increasing the Influence of Permission Safety on App Selections by Changes in Visual Representation." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 797. http://dx.doi.org/10.1177/1541931213601692.
Full textAbstract:
Previous studies have shown that inclusion of a permission safety score/cue in the early stage of selecting an app assists users in making safer choices (Chen, Gates, Li, & Proctor, 2015; Gates, Chen, Li, & Proctor, 2014; Rajivan & Camp, 2016). Yet, user ratings were typically weighted more in app-selection decisions than a summary permission safety score, suggesting that app-associated risks are not fully understood or known by users. In daily interactions, people make privacy decisions not just based on rational considerations but also on heuristics (e.g., take the first, Dogruel, Joeckel, & Bowman, 2015). Interfaces of popular online services and systems sometimes exploit these heuristics and biases to nudge people to act in ways that are not always aligned with their own intentions (Stutzma, Gross, & Acquisti, 2013). On the contrary, the goal of present study was to evaluate various formats for presenting the permission safety scores to nudge users to make decisions that are in better agreement with their security and privacy objectives. With 2 studies, we found that a 3-color representation of permission safety promotes safe behavior and communicates privacy of apps well. In Experiment 1, the permission safety score was placed above or below the user rating, and it was conveyed by a number from 1 to 5 paired with a shield or lock icon. The user rating was presented as a number from 1 to 5, paired with a gray star. Participants completed six app-selection tasks, in which, for each, two apps out of six were chosen. The percentage of app selection was higher with increased safety as well as increased user ratings. Permission safety interacted with user rating: For apps with lower user ratings the permission safety did not influence app selection, but for apps with higher user ratings an increased permission safety score led to more app selection. However, neither location (above or below) nor the icon type showed a main effect, nor did they interact. In Experiment 2, the 3-level permission safety score was conveyed by color (red, yellow, green), emoticons (frown, neutral, smile), color with emoticons, or a number from 1 to 3 paired with a lock icon. Participants performed the same tasks as Experiment 1. The results were similar as Experiment 1 except that presentation format interacted with permission safety score. Further analysis showed that that the permission safety score had more influence on app selection when it was represented by conditions with color coding, indicating that permission safety was weighted more in the app-selection decisions when permission safety was presented with 3-color-coding. The role of color in enhancing risk perception is consistent with the role of color in enhancing hazard perception in warning literature (Wogalter, 2006). Given the relative quickness of the decision and the limited cues that users consider during app selection, their attention should be directed to more important app-specific privacy characteristics. Our results provided evidence that 3-color coding can shift users’ attention and influence users to make safer app selections. In designing a visual privacy rating to nudge people away from risky apps, leveraging visual attributes that are prevalent for conveying valence is recommended.
8
Reimer, Helmut. "App „Permission Watcher“ für Android-Smartphones." Datenschutz und Datensicherheit - DuD 36, no. 3 (March 2012): 218. http://dx.doi.org/10.1007/s11623-012-0079-5.
Full text
9
Liu, Zhongxin, Xin Xia, David Lo, and John Grundy. "Automatic, highly accurate app permission recommendation." Automated Software Engineering 26, no. 2 (March 19, 2019): 241–74. http://dx.doi.org/10.1007/s10515-019-00254-6.
Full text
10
Yilmaz, Saliha, and Mastaneh Davis. "Hidden Permissions on Android: A Permission-Based Android Mobile Privacy Risk Model." European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 717–24. http://dx.doi.org/10.34190/eccws.22.1.1453.
Full textAbstract:
The continuously increasing amount of data input on mobile devices has made collating and monitoring users’ data not only uniquely personalised but easier than ever. Along with that, mobile security threats have overtaken with rising numbers in bank fraud and personal information leaks. This suggests that there is a significant lack of awareness of security issues among mobile users. Specifically, permission-based passive content leaks are getting more attention due to the emerging issues in data privacy. One reason for this is that permissions are running in the background collecting and transmitting data between applications within the same permission group, without the user's knowledge. This means, that a supposedly innocent application like the Clock, which is linked with the Calendar to provide the date and time functionality, can have access to any other application within the same Calendar permission group, which is compromising confidentiality. Moreover, this can lead to a violation of data privacy as the user is not aware of which assets are being shared between permissions. Developers of mobile platforms have implemented permission-based models to counteract these issues, however, application designers have shown that they are not necessarily complying with the General Data Protection Regulations (GDPR). For the mobile user, this means that app developers, app providers, and third parties who are included in the applications, can gain access to sensitive data without user consent or awareness. To address this issue, this study examines permissions that are inherent in the Android mobile infrastructure and exemplifies how they can reveal delicate user information, identify user behaviour, and can be shared among other applications - without obviously breaching GDPR guidelines. 10 first-party Android applications were statically analysed by their permissions and manually investigated for their actual purpose and privacy risk. Finally, considering the affected area, these permissions were categorised into four asset groups that form the base of a risk model. With risk levels from low to high, this model provides detection of risks on data privacy in mobile permissions and highlights the difficulty with GDPR compliance, which we therefore named PRAM, a permission-based Android Mobile Privacy Risk Assessment Model.
11
Ehsan, Adeel, Cagatay Catal, and Alok Mishra. "Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review." Sensors 22, no. 20 (October 18, 2022): 7928. http://dx.doi.org/10.3390/s22207928.
Full textAbstract:
Smartphone adaptation in society has been progressing at a very high speed. Having the ability to run on a vast variety of devices, much of the user base possesses an Android phone. Its popularity and flexibility have played a major role in making it a target of different attacks via malware, causing loss to users, both financially and from a privacy perspective. Different malware and their variants are emerging every day, making it a huge challenge to come up with detection and preventive methodologies and tools. Research has spawned in various directions to yield effective malware detection mechanisms. Since malware can adopt different ways to attack and hide, accurate analysis is the key to detecting them. Like any usual mobile app, malware requires permission to take action and use device resources. There are 235 total permissions that the Android app can request on a device. Malware takes advantage of this to request unnecessary permissions, which would enable those to take malicious actions. Since permissions are critical, it is important and challenging to identify if an app is exploiting permissions and causing damage. The focus of this article is to analyze the identified studies that have been conducted with a focus on permission analysis for malware detection. With this perspective, a systematic literature review (SLR) has been produced. Several papers have been retrieved and selected for detailed analysis. Current challenges and different analyses were presented using the identified articles.
12
Amirulbahar, Azis, and Yova Ruldeviyani. "ANALYSIS OF EFFECTS OF APP PERMISSION CONCERNS ON INTENTIONS TO DISCLOSE PERSONAL INFORMATION: A CASE STUDY OF MONEY TRANSFER SERVICE APP." JITK (Jurnal Ilmu Pengetahuan dan Teknologi Komputer) 9, no. 1 (August 14, 2023): 109–18. http://dx.doi.org/10.33480/jitk.v9i1.4316.
Full textAbstract:
Data growth increased alongside the rise of mobile app users in financial services. In Indonesia, the number of financial services application downloads reached 24 million by the end of 2022, with a 28.72 percent increase in transactions. However, this growth also brings issues regarding the potential misuse of personal information, although according to the Personal Data Protection Act (UU PDP) in Indonesia, personal data is protected and kept confidential when accessed by another party. This prompts users to be more cautious in disclosing personal information. On the other hand, users are faced with risks to personal data that can be accessed by service providers, one of which is through app permissions. This research focuses on the influence of App Permission Concerns on users' intentions to disclose their personal information, with a case study of a money transfer services app in Indonesia, namely Flip, that received numerous negative reviews about users' data privacy concerns, especially when verifying using an identity card. The study uses a quantitative approach with PLS-SEM for data analysis. Convenience sampling was used, and data were collected via a questionnaire distributed through Google Forms on social media from May 9 to May 21, 2023 and a total of 224 respondents were obtained. The results of this study indicate that App Permission Concerns have a significant influence on Privacy Fatigue, Privacy Awareness, Privacy Concern and Trust. Trust significantly influences Intention to Disclose. This research is expected to contribute to future studies on app permissions and mobile app feature development.
13
Azam, Sami, Rajvinder Singh Sumra, Bharanidharan Shanmugam, Kheng Cher Yeo, Mirjam Jonokman, and Ganthan Narayana Samy. "Security Source Code Analysis of Applications in Android OS." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 30. http://dx.doi.org/10.14419/ijet.v7i4.15.21366.
Full textAbstract:
It is a known fact that Android mobile phones’ security has room for improvement. Many malicious app developers have targeted android mobile phones, mainly because android as an open operating system provides great flexibility to developers and there are many android phones which do not have the latest security updates. With the update of marshmallow in android, applications request permission only during runtime, but not all users have this update. This is important because user permission is required to perform certain actions. The permissions may be irrelevant to the features provided by an application. The purpose of this research is to investigate the use and security risk of seeming irrelevant permissions in applications available from Google store. Two different applications which seem to ask irrelevant permissions during installation were selected from Google store. To test these applications, static analysis, dynamic analysis and reverse engineering tools were used. Findings show potentially malicious behavior, demonstrating that downloading apps from Google play store do not guarantee security.
14
Marquez, Antonio Flores, and Jozef Goetz. "Certificate Management Application." International Journal on Engineering, Science and Technology 5, no. 3 (September 6, 2023): 191–211. http://dx.doi.org/10.46328/ijonest.165.
Full textAbstract:
The purpose of the paper is to show how to expand the low code interactive framework in order to develop a web app for the broad needs of different fields. The goal of this work is to give a chance to computer science senior project students to work on a broad spectrum of projects using Apache, HTML, CSS, JavaScript, PHP, and MySQL. In this paper, the web app keeps track of recipients of computer science certificates. The web application is interactive, responsive, secured, password and database driven app. The web app uses a MYSQL database on the web server-side to record concentration, courses, and certificates. Admins and users with proper permissions can add, delete, view, and edit recipients, categories, certificates, and courses based on a level of permission. Admins with full permissions can edit permissions for other registered accounts. They have access to the Manage Categories, Manage Certificates, Manage Courses, Manage Recipients, and Manage Users pages depending on their permissions. The web app is accessible on all devices and is designed to be mobile as well. In conclusion, the project has been successfully designed and implemented according to best practices and finally tested on a web hosting server provider.
15
Chong, Isis, Huangyi Ge, Ningui Li, and Robert W. Proctor. "Influence of Privacy Priming and Security Framing on Android App Selection." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 796. http://dx.doi.org/10.1177/1541931213601691.
Full textAbstract:
Many users unknowingly grant mobile applications (apps) permission to access their personal information (Felt et al., 2012). This access is in part a result of the large number of permissions apps request and users’ difficulty in understanding the nature of these potentially harmful requests (Kelley et al., 2011; Liccardi et al., 2014). Laboratory studies have suggested that different approaches can be taken to curtail the likelihood of mobile users installing malicious apps. A large body of work investigating mobile app security agrees that it is indeed possible to get users to make safer and more knowledgeable decisions during the app selection process. Gates, Chen, Li, and Proctor (2014), for example, found that users made less risky decisions when they were presented with a summary risk or safety ranking that conveys the overall risk of an app. Most recently, the effects of priming manipulations have indicated that introducing an intervention before the app selection process begins may be just as effective (Rajivan & Camp, 2016). In the current study we combined the work that has been conducted on providing overall risk/safety information (Chen et al., 2014; Choe et al., 2013) with that focused on priming users with self-relevant privacy questions (Rajivan & Camp, 2016). We sought to determine whether the subjective privacy priming effect reported by Rajivan and Camp could be replicated and whether an objective priming condition (in which facts about what information apps can access were presented) would have a similar or possibly even stronger effect. Another concern was how these priming conditions would interact with positively- vs, negatively-framed safety rankings (safety and risk scores, respectively). Participants were recruited through Amazon Mechanical Turk (MTurk). Participants were presented with subjective or objective safety items before the app-selection task and with apps and their respective safety rankings during the selection process. Subjective priming was induced with the eight subjective items used by Rajivan and Camp (2016), whereas objective priming was by way of app-permission examples modified from Harbach, Hettig, Weber, and Smith (2014). In the control condition, participants completed the task without any priming material, similar to the study by Chen et al. (2015). Also, summary safety and risk rankings were varied for the app-selection task, as in Chen et al.’s (2015) study. The procedure closely followed that of Chen et al. (2015). Participants were provided with a demonstration of the elements of the apps they would be selecting. Each app was displayed with several pieces of information including the app icon, app name, developer, user rating (out of five stars), user rating count, permission safety or risk ranking (out of five circles), and a brief description of the app. The distributions of user ratings and permission safety/risk rankings were identical to those used by Chen et al. (2015). For the safety framing condition, a higher safety ranking indicated a safer app, whereas for the negative framing condition, a higher risk ranking indicated a riskier app. Participants were instructed to pick two out of the six apps for six groups of apps. We were able to replicate the findings of Chen et al. (2015), showing a greater impact from summary scores framed as safety rather than risk. The data suggest that participants were more sensitive to the safety rankings when higher rankings indicated low vs. high safety than low vs. high risk. We also replicated the findings of Rajivan and Camp (2016) in which subjective priming of security enhances participants’ consideration of the safety rankings. Moreover, we obtained evidence that objective priming with specific app permissions yields a similar benefit. Since priming with either kind of safety-relevant items resulted in safer app selections than a control condition without priming, we conclude that the benefit of priming is primarily due to the general activation of security and privacy as part of the task set. In sum, this study supports the notion that a multi-pronged approach where safety-related information is presented before the app selection process and a summary safety index is displayed may be the most effective way to improve users’ safety behaviors.
16
Marsch, Maximilian, Jens Grossklags, and Sameer Patil. "Won't You Think of Others?: Interdependent Privacy in Smartphone App Permissions." Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (October 13, 2021): 1–35. http://dx.doi.org/10.1145/3479581.
Full textAbstract:
The ever increasing amount of data on smartphones often contains private information of others that people interact with via the device. As a result, one user's decisions regarding app permissions can expose the information of other parties. However, research typically focuses on consequences of privacy-related decisions only for the user who makes the decisions. Work on the impact of these decisions on the privacy of others is still relatively scant. We fill this gap with an online study that extends prior work on interdependent privacy in social networking sites to the context of smartphone permissions. Our findings indicate that people typically give less consideration to the implications of their actions for the privacy of others compared to the impact on themselves. However, we found that priming people with information that features others can help reduce this discrepancy. We apply this insight to offer suggestions for enhancing permission-specification interfaces and system architectures to accommodate interdependent privacy.
17
Bagheri, Hamid, Alireza Sadeghi, Joshua Garcia, and Sam Malek. "COVERT: Compositional Analysis of Android Inter-App Permission Leakage." IEEE Transactions on Software Engineering 41, no. 9 (September 1, 2015): 866–86. http://dx.doi.org/10.1109/tse.2015.2419611.
Full text
18
Demissie, Biniam Fisseha, Mariano Ceccato, and Lwin Khin Shar. "Security analysis of permission re-delegation vulnerabilities in Android apps." Empirical Software Engineering 25, no. 6 (September 15, 2020): 5084–136. http://dx.doi.org/10.1007/s10664-020-09879-8.
Full textAbstract:
Abstract The Android platform facilitates reuse of app functionalities by allowing an app to request an action from another app through inter-process communication mechanism. This feature is one of the reasons for the popularity of Android, but it also poses security risks to the end users because malicious, unprivileged apps could exploit this feature to make privileged apps perform privileged actions on behalf of them. In this paper, we investigate the hybrid use of program analysis, genetic algorithm based test generation, natural language processing, machine learning techniques for precise detection of permission re-delegation vulnerabilities in Android apps. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities. We evaluated the vulnerability detection capability of our approach based on 1,258 official apps and 20 mutated apps. Our approach achieved 81.8% recall and 100% precision. We also compared our approach with two static analysis-based approaches — Covert and IccTA — based on 595 open source apps. Our approach detected 30 vulnerable apps whereas Covert detected one of them and IccTA did not detect any. Executable proof-of-concept attacks generated by our approach were reported to the corresponding app developers.
19
Smullen, Daniel, Yuanyuan Feng, Shikun Aerin Zhang, and Norman Sadeh. "The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences." Proceedings on Privacy Enhancing Technologies 2020, no. 1 (January 1, 2020): 195–215. http://dx.doi.org/10.2478/popets-2020-0011.
Full textAbstract:
AbstractIn today’s data-centric economy, data flows are increasingly diverse and complex. This is best exemplified by mobile apps, which are given access to an increasing number of sensitive APIs. Mobile operating systems have attempted to balance the introduction of sensitive APIs with a growing collection of permission settings, which users can grant or deny. The challenge is that the number of settings has become unmanageable. Yet research also shows that existing settings continue to fall short when it comes to accurately capturing people’s privacy preferences. An example is the inability to control mobile app permissions based on the purpose for which an app is requesting access to sensitive data. In short, while users are already overwhelmed, accurately capturing their privacy preferences would require the introduction of an even greater number of settings. A promising approach to mitigating this trade-off lies in using machine learning to generate setting recommendations or bundle some settings. This article is the first of its kind to offer a quantitative assessment of how machine learning can help mitigate this trade-off, focusing on mobile app permissions. Results suggest that it is indeed possible to more accurately capture people’s privacy preferences while also reducing user burden.
20
Gao, Hongcan, Chenkai Guo, Guangdong Bai, Dengrong Huang, Zhen He, Yanfeng Wu, and Jing Xu. "Sharing runtime permission issues for developers based on similar-app review mining." Journal of Systems and Software 184 (February 2022): 111118. http://dx.doi.org/10.1016/j.jss.2021.111118.
Full text
21
Namrud, Zakeya, Segla Kpodjedo, Ahmed Bali, and Chamseddine Talhi. "Deep-Layer Clustering to Identify Permission Usage Patterns of Android App Categories." IEEE Access 10 (2022): 24240–54. http://dx.doi.org/10.1109/access.2022.3156083.
Full text
22
Degirmenci, Kenan. "Mobile users’ information privacy concerns and the role of app permission requests." International Journal of Information Management 50 (February 2020): 261–72. http://dx.doi.org/10.1016/j.ijinfomgt.2019.05.010.
Full text
23
Dhanya Pramod, Manisha Patil,. "Enhancing Android Framework Used to Detect Unexpected Permission Authorization of Mobile Application." Tuijin Jishu/Journal of Propulsion Technology 44, no. 3 (September 11, 2023): 998–1005. http://dx.doi.org/10.52783/tjjpt.v44.i3.420.
Full textAbstract:
The use of mobile devices is expanding daily in today's technological age. Mobile marketplaces are constantly providing an expanding selection of mobile applications to satisfy the demands of smartphone users. Many Android applications fall short in their attempts to adequately address security-related issues. This is usually brought on by a lack of automated methods for permission-based vulnerability discovery, testing, and resolution during early design and development phases. As a result, it is generally agreed that addressing such issues quickly is preferable to sending updates and fixes for already-released apps.A proactive set of permissions declared by mobile app developers can protect users’ data privacy is the research concern here. This paper reviews the AndRev-Android framework functionality and its envisioned purpose. The researcher tried to justify the research questions raised by the experts, which will add value to future researchers in this domain.
24
Akbar, Fahad, Mehdi Hussain, Rafia Mumtaz, Qaiser Riaz, Ainuddin Wahid Abdul Wahab, and Ki-Hyun Jung. "Permissions-Based Detection of Android Malware Using Machine Learning." Symmetry 14, no. 4 (April 2, 2022): 718. http://dx.doi.org/10.3390/sym14040718.
Full textAbstract:
Malware applications (Apps) targeting mobile devices are widespread, and compromise the sensitive and private information stored on the devices. This is due to the asymmetry between informative permissions and irrelevant and redundant permissions for benign Apps. It also depends on the characteristics of the Android platform, such as adopting an open-source policy, supporting unofficial App stores, and the great tolerance for App verification; therefore the Android platform is destined to face such malicious intrusions. In this paper, we propose a permissions-based malware detection system (PerDRaML) that determines the App’s maliciousness based on the usage of suspicious permissions. The system uses a multi-level based methodology; we first extract and identify the significant features such as permissions, smali sizes, and permission rates from a manually collected dataset of 10,000 applications. Further, we employ various machine learning models to categorize the Apps into their malicious or benign categories. Through extensive experimentations, the proposed method successfully identifies the 5× most significant features to predict malicious Apps. The proposed method outperformed the existing techniques by achieving high accuracies of malware detection i.e., 89.7% with Support Vector Machine, 89.96% with Random Forest, 86.25% with Rotation Forest, and 89.52% with Naïve Bayes models. Moreover, the proposed method optimized up to ~77% of the feature set as compared to the recent approaches, while improving the evaluation metrics such as precision, sensitivity, accuracy, and F-measure. The experimental results show that the proposed system provides a high level of symmetry between irrelevant permissions and malware Apps. Further, the proposed system is promising and may provide a low-cost alternative for Android malware detection for malicious or repackaged Apps.
25
Ismail, Qatrunnada, Tousif Ahmed, Kelly Caine, Apu Kapadia, and Michael Reiter. "To Permit or Not to Permit, That is the Usability Question: Crowdsourcing Mobile Apps’ Privacy Permission Settings." Proceedings on Privacy Enhancing Technologies 2017, no. 4 (October 1, 2017): 119–37. http://dx.doi.org/10.1515/popets-2017-0041.
Full textAbstract:
Abstract Millions of apps available to smartphone owners request various permissions to resources on the devices including sensitive data such as location and contact information. Disabling permissions for sensitive resources could improve privacy but can also impact the usability of apps in ways users may not be able to predict. We study an efficient approach that ascertains the impact of disabling permissions on the usability of apps through large-scale, crowdsourced user testing with the ultimate goal of making recommendations to users about which permissions can be disabled for improved privacy without sacrificing usability. We replicate and significantly extend previous analysis that showed the promise of a crowdsourcing approach where crowd workers test and report back on various configurations of an app. Through a large, between-subjects user experiment, our work provides insight into the impact of removing permissions within and across different apps (our participants tested three apps: Facebook Messenger (N=218), Instagram (N=227), and Twitter (N=110)). We study the impact of removing various permissions within and across apps, and we discover that it is possible to increase user privacy by disabling app permissions while also maintaining app usability.
26
Er-Rajy, Latifa, My Ahmed El Kiram, and Mohamed El Ghazouani. "Estimate Risks Eate for Android Applications Using Android Permissions." International Journal of Mobile Computing and Multimedia Communications 12, no. 4 (October 2021): 1–15. http://dx.doi.org/10.4018/ijmcmc.289162.
Full textAbstract:
In recent years, Android becomes the first target for hackers and malware developers, due to his inefficient permission model. In this article, we introduce our tool called PerUpSecure to manage permissions requested by Android applications, calculate the risk rates and display the results to the user, in order to help him to make a better decision. Thanks to our PerUpSecure, user will be able to install only the trusted application. As far as we know, the other existing tools focus only on measuring app risk after being installed, and not before as our tool does. Therefore, to evaluate our tool, we selected two different applications sets. The results show that our tool can produce the most trustworthy risk rate to prevent and detect potential malicious activities performed by malware.
27
Zebua, Taronisokhi, Rivalry Kristianto Hondro, and Eferoni Ndruru. "Message Security on Chat App based on Massey Omura Algorithm." IJISTECH (International Journal Of Information System & Technology) 1, no. 2 (May 25, 2018): 16. http://dx.doi.org/10.30645/ijistech.v1i2.11.
Full textAbstract:
Security of message on chat apps is very important to do so that messages that distributed always safety for others who do not have access permission. However, not all chat apps currently have tools that used to secure messages. This is still often overlooked, thus providing an easy space for the attackers to hack messages that are distributed. This research explains the usage of the massey-omura algorithm to secure text type message in chat apps when message distributed
28
Yuan, Hongli, and Yongchuan Tang. "MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty." Entropy 22, no. 7 (July 20, 2020): 792. http://dx.doi.org/10.3390/e22070792.
Full textAbstract:
Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features in detection is not considered sufficiently in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses logistic regression function to describe the input (permissions) and output (labels) relationship. Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to solve features’ uncertainty. After experimenting with 2037 samples, for malware detection, MADFU achieves an accuracy of up to 95.5%, and the false positive rate (FPR) is 1.2%. MADFU’s Android app detection accuracy is higher than the accuracy of directly using 24 dangerous permission. The results also indicate that the method for an unknown/new sample’s detection accuracy is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient, by detecting malware.
29
Zhang, Shijia, Yilin Liu, and Mahanth Gowda. "I Spy You." Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 6, no. 4 (December 21, 2022): 1–31. http://dx.doi.org/10.1145/3569486.
Full textAbstract:
This paper presents iSpyU, a system that shows the feasibility of recognition of natural speech content played on a phone during conference calls (Skype, Zoom, etc) using a fusion of motion sensors such as accelerometer and gyroscope. While microphones require permissions from the user to be accessible by an app developer, the motion sensors are zero-permission sensors, thus accessible by a developer without alerting the user. This allows a malicious app to potentially eavesdrop on sensitive speech content played by the user's phone. In designing the attack, iSpyU tackles a number of technical challenges including: (i) Low sampling rate of motion sensors (500 Hz in comparison to 44 kHz for a microphone). (ii) Lack of availability of large-scale training datasets to train models for Automatic Speech Recognition (ASR) with motion sensors. iSpyU systematically addresses these challenges by a combination of techniques in synthetic training data generation, ASR modeling, and domain adaptation. Extensive measurement studies on modern smartphones show a word level accuracy of 53.3 - 59.9% over a dictionary of 2000-10000 words, and a character level accuracy of 70.0 - 74.8%. We believe such levels of accuracy poses a significant threat when viewed from a privacy perspective.
30
Zhang, Shikun, Yuanyuan Feng, Yaxing Yao, Lorrie Faith Cranor, and Norman Sadeh. "How Usable Are iOS App Privacy Labels?" Proceedings on Privacy Enhancing Technologies 2022, no. 4 (October 2022): 204–28. http://dx.doi.org/10.56553/popets-2022-0106.
Full textAbstract:
Standardized privacy labels that succinctly summarize those data practices that people are most commonly concerned about offer the promise of providing users with more effective privacy notices than full-length privacy policies. With their introduction by Apple in iOS 14 and Google’s recent adoption in its Play Store, mobile app privacy labels are for the first time available at scale to users. We report the first indepth interview study with 24 lay iPhone users to investigate their experiences, understanding, and perceptions of Apple’s privacy labels. We uncovered misunderstandings of and dissatisfaction with the iOS privacy labels that hinder their effectiveness, including confusing structure, unfamiliar terms, and disconnection from permission settings and controls. We identify areas where app privacy labels might be improved and propose suggestions to address shortcomings to make them more understandable, usable, and useful.
31
Olukoya, Oluwafemi, Lewis Mackenzie, and Inah Omoronyia. "Security-oriented view of app behaviour using textual descriptions and user-granted permission requests." Computers & Security 89 (February 2020): 101685. http://dx.doi.org/10.1016/j.cose.2019.101685.
Full text
32
Ramamurthy, Madhumitha. "Fraudster Mobile Apps Detector in Google Playstore." Journal of Computational and Theoretical Nanoscience 17, no. 4 (April 1, 2020): 1752–57. http://dx.doi.org/10.1166/jctn.2020.8437.
Full textAbstract:
The identification of the fraudulent app in Google playstore is determined by users only by executing apps and by analyzing permission. An app which has higher rating, ranking and good reviews in Google playstore may attract more users to download and can also be ranked higher in the leader board. The rating, ranking and reviews are not always real to believe that an app is a legitimate one. Some fraudulent developers boost their apps dishonestly in Google playstore. Hence in this paper, we propose a method to detect the fraud app in Google playstore by aggregating the three evidences in the playstore such as ranking, reviews and rating of of the particular app. Thus by aggregating entire activities of leading apps, it can achieve accuracy in classifying standard datasets of fraudulent and legitimate apps.
33
Pan, Elleen, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes. "Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications." Proceedings on Privacy Enhancing Technologies 2018, no. 4 (October 1, 2018): 33–50. http://dx.doi.org/10.1515/popets-2018-0030.
Full textAbstract:
Abstract The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multimedia features. However, these sensors can also be used in ways that may violate user’s expectations and personal privacy. For example, apps have been caught taking pictures without the user’s knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data. In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.
34
Kim, Minki, Daehan Kim, Changha Hwang, Seongje Cho, Sangchul Han, and Minkyu Park. "Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions." Applied Sciences 11, no. 21 (November 1, 2021): 10244. http://dx.doi.org/10.3390/app112110244.
Full textAbstract:
Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, “Which features, classifiers, and evaluation metrics are better for malware familial classification”? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance; (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC; (iii) LightGBM and AdaBoost performed better than other classifiers we considered.
35
Lee, Han Seong, and Hyung-Woo Lee. "Mepelyzer : Malicious App Identification Mechanism based on Method & Permission Similarity Analysis of Server-Side Polymorphic Mobile Apps." Journal of the Korea Convergence Society 8, no. 3 (March 28, 2017): 49–61. http://dx.doi.org/10.15207/jkcs.2017.8.3.049.
Full text
36
Mehrnezhad, Maryam, and Ehsan Toreini. "What Is This Sensor and Does This App Need Access to It?" Informatics 6, no. 1 (January 24, 2019): 7. http://dx.doi.org/10.3390/informatics6010007.
Full textAbstract:
Mobile sensors have already proven to be helpful in different aspects of people’s everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors results in a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users and makes the task of sensor management more complex. In this paper, first, we discuss the issues around the security and privacy of mobile sensors. We investigate the available sensors on mainstream mobile devices and study the permission policies that Android, iOS and mobile web browsers offer for them. Second, we reflect the results of two workshops that we organized on mobile sensor security. In these workshops, the participants were introduced to mobile sensors by working with sensor-enabled apps. We evaluated the risk levels perceived by the participants for these sensors after they understood the functionalities of these sensors. The results showed that knowing sensors by working with sensor-enabled apps would not immediately improve the users’ security inference of the actual risks of these sensors. However, other factors such as the prior general knowledge about these sensors and their risks had a strong impact on the users’ perception. We also taught the participants about the ways that they could audit their apps and their permissions. Our findings showed that when mobile users were provided with reasonable choices and intuitive teaching, they could easily self-direct themselves to improve their security and privacy. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.
37
Yang†, Yucheng, Jack West†, George K. Thiruvathukal, Neil Klingensmith, and Kassem Fawaz. "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps." Proceedings on Privacy Enhancing Technologies 2022, no. 3 (July 2022): 373–93. http://dx.doi.org/10.56553/popets-2022-0077.
Full textAbstract:
Video conferencing apps (VCAs) make it possible for previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. For the most part, users have accepted these apps in their personal space without much thought about the permission models that govern the use of their private data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to analyze users’ understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio flow in many popular VCAs as it traverses the app from the audio driver to the network. We find fragmented policies for dealing with microphone data among VCAs — some continuously monitor the microphone input during mute, and others do so periodically. One app transmits statistics of the audio to its telemetry servers while the app is muted. Using network traffic that we intercept en route to the telemetry server, we implement a proof-of-concept background activity classifier and demonstrate the feasibility of inferring the ongoing background activity during a meeting — cooking, cleaning, typing, etc. We achieved 81.9% macro accuracy on identifying six common background activities using intercepted outgoing telemetry packets when a user is muted.
38
Abdullah, Zubaile, and Madihah Mohd Saudi. "RAPID-Risk Assessment of Android Permission and Application Programming Interface (API) Call for Android Botnet." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 49. http://dx.doi.org/10.14419/ijet.v7i4.15.21370.
Full textAbstract:
Android applications may pose risks to smartphone users. Most of the current security countermeasures for detecting dangerous apps show some weaknesses. In this paper, a risk assessment method is proposed to evaluate the risk level of Android apps in terms of confidentiality (privacy), integrity (financial) and availability (system). The proposed research performs mathematical analysis of an app and returns a single easy to understand evaluation of the app’s risk level (i.e., Very Low, Low, Moderate, High, and Very High). These schemes have been tested on 2488 samples coming from Google Play and Android botnet dataset. The results show a good accuracy in both identifying the botnet apps and in terms of risk level.
39
Han, Catherine, Irwin Reyes, Álvaro Feal, Joel Reardon, Primal Wijesekera, Narseo Vallina-Rodriguez, Amit Elazari, Kenneth A. Bamberger, and Serge Egelman. "The Price is (Not) Right: Comparing Privacy in Free and Paid Apps." Proceedings on Privacy Enhancing Technologies 2020, no. 3 (July 1, 2020): 222–42. http://dx.doi.org/10.2478/popets-2020-0050.
Full textAbstract:
AbstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one thirdparty library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.
40
NEAMTIU, IULIAN, XUETAO WEI, MICHALIS FALOUTSOS, LORENZO GOMEZ, TANZIRUL AZIM, YONGJIAN HU, and ZHIYONG SHAN. "Improving Smartphone Security and Reliability." Journal of Interconnection Networks 17, no. 01 (March 2017): 1740002. http://dx.doi.org/10.1142/s0219265917400023.
Full textAbstract:
Users are increasingly relying on smartphones, hence concerns such as mobile app security, privacy, and correctness have become increasingly pressing. Software analysis has been successful in tackling many such concerns, albeit on other platforms, such as desktop and server. To fill this gap, he have developed infrastructural tools that permit a wide range of software analyses for the Android smartphone platform. Developing these tools has required surmounting many challenges unique to the smartphone platform: dealing with input non-determinism in sensor-oriented apps, non-standard control ow, low-overhead yet high-fidelity record-and-replay. Our tools can analyze substantial, widely-popular apps running directly on smartphones, and do not require access to the app’s source code. We will first present two tools (automated exploration, record-and-replay) that increase Android app reliability by allowing apps to be explored automatically, and bugs replayed or isolated. Next, we present several security applications of our infrastructure: a permission evolution study on the Android ecosystem; understanding and quantifying the risk posed by URL accesses in benign and malicious apps; app profiling to summarize app behavior; and Moving Target Defense for thwarting attacks.
41
Pramestya, Komang Dea, and Putu Tuni Cakabawa Landra. "PERLINDUNGAN HUKUM ATAS KARYA SINEMATOGRAFI YANG DISEBARLUASKAN TANPA IZIN MELALUI APLIKASI TELEGRAM." Kertha Semaya : Journal Ilmu Hukum 10, no. 7 (June 2, 2022): 1587. http://dx.doi.org/10.24843/ks.2022.v10.i07.p10.
Full textAbstract:
Penelitian ini dilakukan dengan tujuan yaitu untuk memahami lebih dalam tentang perlindungan terhadap karya sinematografi yang disebarluaskan tanpa izin melalui aplikasi telegram dan untuk mengetahui sanksi bagi oknum yang melakukan pembajakan. Kajian ini tergolong sebagai penelitian hukum normatif yang secara spesifik merupakan penelitian terhadap hukum dalam kedudukannya sebagai norma. Penulis mengkaji dengan Statue Approach atau pendekatan berdasarkan perundang-undangan yang dalam hal ini berkaitan dengan Hak Cipta dan dengan menganalisis Konsep Hukum. Berdasarkan hasil dari analisis menunjukkan bahwa film sebagai karya sinematografi yang disebarluaskan ke aplikasi telegram dilindungi oleh hak cipta seperti diatur dalam Undang-Undang Hak Cipta yang secara spesifik diatur dalam ayat (1) huruf m pada Pasal 40 dan pengertian pembajakan juga diatur ketentuannya dalam Pasal 1 angka 23, meskipun dalam pengertian pembajakan tersebut masih menunjukkan norma kabur. Karya sinematografi yang disebarluaskan tanpa izin melalui aplikasi telegram akan mendapat sanksi hukum dengan cara mengajukan gugatan seperti diatur ketentuannya dalam Undang-Undang Hak Cipta.
This research was conducted with the aim of understanding about the protection of cinematographic works those are distributed without permission through Telegram App and to find out the sanctions for piracy. This study is classified as a normative legal research, specifically law research by its position as the norm. The author examines with Statute Approach or an approach based on legislation which in this case relates to copyright and by analyzing Legal Concepts. Based on the result of the analysis shows that the movie as cinematographic works those are distributed through Telegram App are protected by copyright as regulated in the Copyright Act which is specifically regulated in paragraph (1) letter m of Article 40 and the definition of piracy, which also regulated in Article 1 number 23, eventhough in that definition of piracy still shows a vague norm. Cinematographic works those are distributed without permission through Telegram App will be subject to legal sanctions by filling a claim as stipulated in the Copyright Act.
42
Nakrys, Marius, Sarunas Valinskas, Kasparas Aleknavicius, and Justinas Jonusas. "Pilot Investigation of Blood Pressure Control Using a Mobile App (Cardi.Health): Retrospective Chart Review Study." JMIR Cardio 7 (October 17, 2023): e48454. http://dx.doi.org/10.2196/48454.
Full textAbstract:
Background The high prevalence of hypertension necessitates effective, scalable interventions for blood pressure (BP) control. Self-monitoring has shown improved adherence to medication and better BP management. Mobile apps offer a promising approach with their increasing popularity and potential for large-scale implementation. Studies have demonstrated associations between mobile app interventions and lowered BP, yet real-world data on app effectiveness and engagement remain limited. Objective In this study, we analyzed real-world user data from the Cardi.Health mobile app, which is aimed at helping its users monitor and control their BP. Our goal was to find out whether there is an association between the use of the mobile app and a decrease in BP. Additionally, the study explored how engagement with the app may influence this outcome. Methods This was a retrospective chart review study. The initial study population comprised 4407 Cardi.Health users who began using the app between January 2022 and April 2022. After applying inclusion criteria, the final study cohort comprised 339 users with elevated BP at the baseline. The sample consisted of 108 (31.9%) men and 231 (68.1%) women (P=.04). This retrospective chart review study obtained permission from the Biomedical Research Alliance of New York Institutional Review Board (June 2022, registration ID 22-08-503-939). Results The study’s main findings were that there is a possible relationship between use of the Cardi.Health mobile app and a decrease in systolic BP. Additionally, there was a significant association between active use of the app and systolic BP decrease (χ21=5.311; P=.02). Finally, active users had an almost 2 times greater chance of reducing systolic BP by 5 mm Hg or more over 4 weeks (odds ratio 1.932, 95% CI 1.074-3.528; P=.03). Conclusions This study shows a possible relationship between Cardi.Health mobile app use and decreased BP. Additionally, engagement with the app may be related to better results—active use was associated with an almost 2-fold increase in the odds of reducing BP by 5 or more mm Hg.
43
Wahsheh, Heider A. M., and Flaminia L. Luccio. "Security and Privacy of QR Code Applications: A Comprehensive Study, General Guidelines and Solutions." Information 11, no. 4 (April 16, 2020): 217. http://dx.doi.org/10.3390/info11040217.
Full textAbstract:
The widespread use of smartphones is boosting the market take-up of dedicated applications and among them, barcode scanning applications. Several barcodes scanners are available but show security and privacy weaknesses. In this paper, we provide a comprehensive security and privacy analysis of 100 barcode scanner applications. According to our analysis, there are some apps that provide security services including checking URLs and adopting cryptographic solutions, and other apps that guarantee user privacy by supporting least privilege permission lists. However, there are also apps that deceive the users by providing security and privacy protections that are weaker than what is claimed. We analyzed 100 barcode scanner applications and we categorized them based on the real security features they provide, or on their popularity. From the analysis, we extracted a set of recommendations that developers should follow in order to build usable, secure and privacy-friendly barcode scanning applications. Based on them, we also implemented BarSec Droid, a proof of concept Android application for barcode scanning. We then conducted a user experience test on our app and we compared it with DroidLa, the most popular/secure QR code reader app. The results show that our app has nice features, such as ease of use, provides security trust, is effective and efficient.
44
Zakariya, R. Ahmad Imanullah, and Kalamullah Ramli. "Desain Penilaian Risiko Privasi pada Aplikasi Seluler Melalui Model Machine Learning Berbasis Ensemble Learning dan Multiple Application Attributes." Jurnal Teknologi Informasi dan Ilmu Komputer 10, no. 4 (August 30, 2023): 831. http://dx.doi.org/10.25126/jtiik.20241047029.
Full textAbstract:
<p>Aplikasi berbasis Android banyak dikembangkan dan tersedia secara bebas di berbagai sumber aplikasi karena sistem operasi Android yang bersifat open-source. Namun, tidak semua penyedia aplikasi memberikan informasi detail mengenai aspek keamanan aplikasi, sehingga pengguna mengalami kesulitan untuk menilai dan memahami risiko keamanan privasi yang mereka hadapi. Pada penelitian ini kami mengusulkan desain penilaian risiko privasi melalui pendekatan analisis <em>permission</em> dan informasi atribut aplikasi. Kami menggunakan <em>ensemble learning</em> untuk mengatasi kelemahan dari penggunaan model klasifikasi tunggal. Penilaian <em>likelihood</em> dilakukan dengan mengombinasikan prediksi <em>ensemble learning</em> dan informasi <em>multiple application attributes</em>, sementara penilaian <em>severity</em> dilakukan dengan memanfaatkan jumlah dan karakteristik <em>permission</em>. Sebuah matriks risiko dibentuk untuk menghitung nilai risiko privasi aplikasi dan d<em>ataset</em> CIC-AndMal2017 digunakan untuk mengevaluasi model <em>ensemble learning</em> dan desain penilaian risiko privasi. Hasil percobaan menunjukkan bahwa penerapan <em>ensemble learning</em> dengan algoritma klasifikasi Decision Tree (DT), K-Nearest Neighbor (KNN), dan Random Forest (RF) memiliki performa model yang lebih baik dibandingkan dengan menggunakan algoritma klasifikasi tunggal, dengan <em>accuracy </em>sebesar 95.2%, nilai <em>precision </em>93.2%, nilai <em>F1-score </em>92.4%, dan <em>True Negative Rate</em> (TNR) sebesar 97.6%. Serta, desain penilaian risiko mampu menilai aplikasi secara efektif dan objektif.</p><p> </p><p><em><strong>Abstract</strong></em><strong></strong></p><p><em><em>Since the Android operating system is open-source, many Android-based applications are developed and freely available in app stores. However, not all developers of applications supply detailed information about the app's security aspects, making it difficult for users to assess and understand the risk of privacy breaches they confront. We propose a privacy risk assessment design in this study using an analytical approach to app permissions and attribute information. We use ensemble learning to overcome the drawbacks of using a single classification model. The likelihood assessment is performed by combining ensemble learning predictions and information on multiple application attributes, while the severity assessment is performed by utilizing the number and characteristics of permissions. A risk matrix was created to calculate the value of application privacy risk, and the CIC-AndMal2017 dataset was used to evaluate the ensemble learning model and privacy risk assessment designs. The experimental results show that the application of ensemble learning with the Decision Tree (DT), K-Nearest Neighbor (KNN), and Random Forest (RF) classification algorithms provides better model performance compared to using a single classification algorithm, with an accuracy of 95.2%, a precision value of 93.2%, a F1-score of 92.4%, and a True Negative Rate (TNR) of 97.6%. In addition, the risk assessment design can to assess the application effectively and objectively.</em> </em></p>
45
Harkous, Hamza, Rameez Rahman, Bojan Karlas, and Karl Aberer. "The Curious Case of the PDF Converter that Likes Mozart: Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps." Proceedings on Privacy Enhancing Technologies 2016, no. 4 (October 1, 2016): 123–43. http://dx.doi.org/10.1515/popets-2016-0032.
Full textAbstract:
AbstractThird party apps that work on top of personal cloud services, such as Google Drive and Drop-box, require access to the user’s data in order to provide some functionality. Through detailed analysis of a hundred popular Google Drive apps from Google’s Chrome store, we discover that the existing permission model is quite often misused: around two-thirds of analyzed apps are over-privileged, i.e., they access more data than is needed for them to function. In this work, we analyze three different permission models that aim to discourage users from installing over-privileged apps. In experiments with 210 real users, we discover that the most successful permission model is our novel ensemble method that we call Far-reaching Insights. Far-reaching Insights inform the users about the data-driven insights that apps can make about them (e.g., their topics of interest, collaboration and activity patterns etc.) Thus, they seek to bridge the gap between what third parties can actually know about users and users’ perception of their privacy leakage. The efficacy of Far-reaching Insights in bridging this gap is demonstrated by our results, as Far-reaching Insights prove to be, on average, twice as effective as the current model in discouraging users from installing over-privileged apps. In an effort to promote general privacy awareness, we deployed PrivySeal, a publicly available privacy-focused app store that uses Far-reaching Insights. Based on the knowledge extracted from data of the store’s users (over 115 gigabytes of Google Drive data from 1440 users with 662 installed apps), we also delineate the ecosystem for 3rd party cloud apps from the standpoint of developers and cloud providers. Finally, we present several general recommendations that can guide other future works in the area of privacy for the cloud. To the best of our knowledge, ours is the first work that tackles the privacy risk posed by 3rd party apps on cloud platforms in such depth.
46
Pradeep, Amogh, Álvaro Feal, Julien Gamba, Ashwin Rao, Martina Lindorfer, Narseo Vallina-Rodriguez, and David Choffnes. "Not Your Average App: A Large-scale Privacy Analysis of Android Browsers." Proceedings on Privacy Enhancing Technologies 2023, no. 1 (January 2023): 29–46. http://dx.doi.org/10.56553/popets-2023-0003.
Full textAbstract:
The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users’ browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. However, on the other end, they also are in a unique position to protect users’ privacy by limiting data sharing with other parties by implementing ad-blocking features. In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we developed a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII---including non-resettable identifiers---to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers’ adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.
47
Lipson-Smith, R., F. White, G. Cooper, L. Serong, A. White, and A. Hyatt. "Harnessing Smartphone Technology to Improve Patient Engagement: Codesigning and Testing The SecondEars Consultation Audio Recording App for People With Cancer." Journal of Global Oncology 4, Supplement 2 (October 1, 2018): 109s. http://dx.doi.org/10.1200/jgo.18.46900.
Full textAbstract:
Background: Oncology consultations can be overwhelming and information-dense. Consultation audio recordings are an effective method to promote patient participation, improve patients' recall and understanding of medical information, and can increase engagement and support through sharing with family and friends. Innovative m-health technologies such as the SecondEars consultation audio recording mobile app provide a patient-designed and controlled audio recording solution while ensuring security and legal protection for clinicians. To ensure the SecondEars app meets the needs of patients, family, clinicians and hospital administrators, the opinions of stakeholders and end users are integral to the concept and study creation, design, and testing processes. Aim: To use key elements of codesign methodology to develop and test SecondEars, a mobile app that allows patients to audio record their consultations within a clinical oncology setting. Methods: The SecondEars app concept began with consumer suggestions that consultation audio recording be used as standard practice of care using patient-driven (use is controlled/determined by patients) technologies. An app solution was conceived and the concept discussed through engagement of consumers as part of the project and research codesign team. Key health service stakeholders comprising representatives from: legal, information technology (IT), clinical service leads, digital strategy, and health information services (HIS), provided project oversight and core legal and data management requirements. The Scrum management framework was used to structure the codesign process during the development and testing phase. Six workshops were run to facilitate further user input with regard to specific app functionality and design. A wireframe version was developed and tested by the codesign team in the final workshop. Feedback was incorporated into a prototype which was circulated for acceptance testing. Results: Twenty people participated in the stakeholder engagement and workshops, comprising: oncology consumers, researchers, IT, HIS, app developers, and oncology health professionals. Key specifications necessitated that SecondEars be patient-driven, secure and confidential, have clear legal guidelines regarding audio recording sharing, be integrated with medical records, and require minimal upfront and ongoing resources. Seven people tested the prototype app during user acceptance testing and gave positive and constructive feedback. A final version of the app was then made available for clinical testing. Conclusion: The SecondEars consultation audio recording app has been successfully created by and for patients. This app gives patients permission and autonomy to audio record and share their consultations responsibly, while maintaining legal protection for clinicians. This app is currently being tested in a clinical setting prior to conducting an implementation study.
48
Bonnéry, D. B., L. S. Pretorius, A. E. C. Jooste, A. D. W. Geering, and C. A. Gilligan. "Rational design of a survey protocol for avocado sunblotch viroid in commercial orchards to demonstrate pest freedom." PLOS ONE 18, no. 4 (April 11, 2023): e0277725. http://dx.doi.org/10.1371/journal.pone.0277725.
Full textAbstract:
Avocado sunblotch viroid (ASBVd) is a subcellular pathogen of avocado that reduces yield from a tree, diminishes the appearance of the fruit by causing unsightly scarring and impedes trade because of quarantine conditions that are imposed to prevent spread of the pathogen via seed-borne inoculum. For countries where ASBVd is officially reported, permission to export fruit to another country may only be granted if an orchard can be demonstrated to be a pest free production site. The survey requirements to demonstrate pest freedom are usually defined in export protocols that have been mutually agreed upon by the trading partners. In this paper, we introduce a flexible statistical protocol for use in optimizing sampling strategies to establish pest free status from ASBVd in avocado orchards. The protocol, which is supported by an interactive app, integrates statistical considerations of multistage sampling of trees in orchards with a RT-qPCR assay allowing for detection of infection in pooled samples of leaves taken from multiple trees. While this study was motivated by a need to design a survey protocol for ASBVd, the theoretical framework and the accompanying app have broader applicability to a range of plant pathogens in which hierarchical sampling of a target population is coupled with pooling of material prior to diagnosis.
49
Merchant, Parth, Kshitij Patil, Nikhil Panchal, and Prof Sanketi Raut. "A Web Based App for Land Registry on Blockchain." International Journal for Research in Applied Science and Engineering Technology 10, no. 4 (April 30, 2022): 2505–13. http://dx.doi.org/10.22214/ijraset.2022.41831.
Full textAbstract:
Abstract: Property registration is a subject that hardly ever crosses the thoughts of most people outside of the actual property sector, besides for whilst they’re concerned in an actual property transaction themselves. Even then, it’s typically taken into consideration one of the mundane administrative matters, a rubber-stamping exercise that’s way much less tangibly thrilling than gathering the keys to a brand-new home. However, the critical role of property registration withinside the actual property markets cannot be understated. Property registry in India as well as in many parts of the world is very slow and cumbersome process. The onset of the Blockchain technology inside Bitcoin, has generated a super deal of hobby through displaying a possibility to remove the central floor wished and remodel verbal exchange among humans and machines through growing trust. Originally restrained to the included forex domain, it has created an impact on different sectors as well. Developing a system that now not only accelerates the technique of land registration, however additionally makes it less difficult for Buyers, Sellers and Government registrars to switch the land possession from vendor to a brand new client whilst addressing troubles which include file integrity, privacy, and most significantly the lack of common platforms among concerned organizations. The system that we're seeking to enforce is primarily based on Ethereum Blockchain that will store all the transactions made at some stage in the process of land ownership transfer. Using the idea of smart contracts of blockchain technology we are able to trigger diverse activities like access of land documents to a land inspector and fund transfer event from client to vendor after a successful verification of the land possession switch. Ultimately the motive of this idea is to check the general overall performance of a blockchain primarily based totally on land revenue & recording automation machines. A peer-to-peer tamper-proof and forgeproof network was used for this motive, the use of a Blockchain-accredited permission such as Ethereum network. The system is connected to the Interplanetary File System to manage secure document records. Using the system, validation of the lands is likewise viable as immutable transactions are being saved with inside the public ledger. Keywords: Blockchain, Ethereum, IPFS, Passport, peer-to-peer, decentralized, land record management
50
Jacobs, Susanne D., Margaret O. Johnson, Elizabeth S. Miller, Mallika Patel, and Mary L. Affronti. "INNV-15. OPTIMIZING THE ROLE OF THE ADVANCED PRACTICE PROVIDER IN THE MANAGEMENT OF A SINGLE PATIENT INVESTIGATIONAL NEW DRUG (IND)." Neuro-Oncology 25, Supplement_5 (November 1, 2023): v159. http://dx.doi.org/10.1093/neuonc/noad179.0604.
Full textAbstract:
Abstract BACKGROUND Single patient Investigational New Drug (IND) applications are a way through which experimental therapies may be accessed by patients with cancer especially if a clinical trial is not available. However, initiating and managing a single patient IND is complex. We will outline our approach used at an academic teaching center to leverage the skills and scope of practice of advanced practice providers (APPs) to facilitate successful initiation and monitoring of individual patients who may be receiving an investigational drug under a single patient IND. METHODS We describe a single case of a 52-year-old male with a left thalamic glioblastoma treated with standard of care and monitored off therapy from May 2021 until November 2022. Extended genomic profiling of his tumor at time of biopsy revealed a FGFR3-TACC3 fusion and MGMT promoter methylation, and the decision was made to pursue a single patient IND for anlotinib for use in combination with temozolomide. RESULTS Following permission from the US Food and Drug Administration (FDA) to proceed and IRB chair concurrence, the MD and APP conferred with the investigational and clinical pharmacists regarding procurement and dispensing of the drug, in addition to surveillance and associated toxicities. The APP obtained consent, collected data on monitoring parameters and adverse events, checked for drug interactions with the patient’s routine medications, ordered and reviewed all treatment related MRIs, labs, and EKGs, and coordinated with ophthalmology for baseline and monthly eye exams. Performance of initial and follow-up exams, ongoing toxicity review and management, and care coordination with the local oncology team were completed by the APP. CONCLUSION As first point of contact for the patient and family, the APP plays a key role in glioma research within the multidisciplinary team by providing ongoing symptom management, education, and monitoring for patients receiving investigational drugs.