Дисертації з теми "APP PERMISSION"

Mobile and web application security, particularly concerning the area of data privacy, has received much attention from the public in recent years. Most applications are installed without disclosing full information to users and clearly stating what they have access to. This often raises concerns when users become aware of unnecessary information being collected or stored. Unfortunately, most users have little to no technical knowledge in regard to what permissions should be granted and can only rely on their intuition and past experiences to make relatively uninformed decisions. DroidNet, a crowdsource based Android recommendation tool and framework, is a proposed avenue for the technically incapable. DroidNet alleviates privacy concerns and presents users with permission recommendations of high confidence based on the decisions from expert users on the network who are using the same applications. The framework combines an interactive user interface, used for data collection and presenting permission recommendations to users, with a transitional Bayesian inference model and multiple algorithms used for rating users based on their respective expertise levels. As a result, the recommendations that are provided to users are based on aggregated expert responses and their confidence levels. This work presents the completed DroidNet project in its entirety, including the implementation of the application, algorithms, and user interface itself. Additionally, this thesis presents and utilizes a unique collection of real-world data from actual Android users. The primary goal of this work is to evaluate the effectiveness and accuracy of DroidNet's recommendations and to show that regular mobile device users can benefit from crowdsourcing.

The two major smartphone platforms (Android and iOS) have more than two mil- lion mobile applications (apps) available from their respective app stores, and each store has seen more than 50 billion apps downloaded. Although apps provide desired functionality by accessing users’ personal information, they also access personal information for other purposes (e.g., advertising or profiling) that users may or may not desire. Users can exercise control over how apps access their personal information through permission managers. However, a permission manager alone might not be sufficient to help users manage their app privacy because: (1) privacy is typically a secondary task and thus users might not be motivated enough to take advantage of the permission manager’s functionality, and (2) even when using the permission manager, users often make suboptimal privacy decisions due to hurdles in decision making such as incomplete information, bounded rationality, and cognitive and behavioral biases. To address these two challenges, the theoretical framework of this dissertation is the concept of nudges: “soft paternalistic” behavioral interventions that do not restrict choice but account for decision making hurdles. Specifically, I designed app privacy nudges that primarily address the incomplete information hurdle. The nudges aim to help users make better privacy decisions by (1) increasing users’ awareness of privacy risks associated with apps, and (2) temporarily making privacy the primary task to motivate users to review and adjust their app settings. I evaluated app privacy nudges in three user studies. All three studies showed that app privacy nudges are indeed a promising approach to help users manage their privacy. App privacy nudges increased users’ awareness of privacy risks associated with apps on their phones, switched users’ attention to privacy management, and motivated users to review their app privacy settings. Additionally, the second study suggested that not all app privacy nudge contents equally help users manage their privacy. Rather, more effective nudge contents informed users of: (1) contexts in which their personal information has been accessed, (2) purposes for apps’ accessing their personal information, and (3) potential implications of secondary usage of users’ personal information. The third study showed that user engagement with nudges decreases as users receive repeated nudges. Nonetheless, the results of the third experiment also showed that users are more likely to engage with repeated nudges (1) if users have engaged with previous nudges, (2) if repeated nudges contain new in- formation (e.g., additional apps, not shown in earlier nudges, that accessed sensitive resources), or (3) if the nudge contents of repeated nudges resonate with users. The results of this dissertation suggest that mobile operating system providers should enrich their systems with app privacy nudges to assist users in managing their privacy. Additionally, the lessons learned in this dissertation may inform designing privacy nudges in emerging areas such as the Internet of Things.

The Android OS is ever growing on the global market, reaching more and more people. This have led to the distribution of millions of applications, that the Android user can interact with. However, the usage of Android apps is not risk free and there are various methods deployed by Google Play to protect the privacy of the Android owner. One of these protective measures are permissions. However, as permissions are controlled by the user, there is a need of comprehending the user behaviour and attitude to the permissions. Lack of understanding the importance, and of the permission itself, could present a real danger of privacy trespassing to the user. In this paper we evaluate the rate of attitude and behaviour by questionnaire and empirical quality-driven interviews. We compare and scrutinize our data with older studies. We identify factors contributing the failure to comply with permission warnings. Also, we find that there are connections between factors such as gender and age, for how the user behaviour and attitude conclude with permissions. In the end we present an exhaustive analysis and discussion to our results, ending with a conclusion that there are differences to be found from older studies and that there are connections in gender and age with how the user acts by permissions.

Left-turning maneuvers are considered to be the highest risk movements at intersections and two-thirds of the crashes associated with left-turns are reported at signalized intersections. Left-turning vehicles typically encounter conflicts from opposing through traffic. To separate conflicting movements, transportation agencies use a protected-only phase at signalized intersections where each movement is allowed to move alone. However, this could create delays and thus the concept of a protected-permissive phase has been introduced to balance safety and delays. However, the permissive part of this phasing scheme retains the safety concerns and could increase the possibility of conflicts resulting in crashes. This research developed a model that can predict the number of crashes for protected-permissive left-turn phasing, based on traffic volumes and calculated conflicts. A total of 103 intersections with permissive-protected left-turn phasing in Kentucky were simulated and their left-turn related conflicts were obtained from post processing vehicle trajectories through the Surrogate Safety Assessment Model (SSAM). Factors that could affect crash propensity were identified through the Principal Component Analysis in Negative Binomial Regression. Nomographs were developed from the models which can be used by traffic engineers in left-turn phasing decisions with enhanced safety considerations.

Problem - Android är det ledande operativsystemet på marknaden, samtidigt har tidigare forskning påvisat att skadlig kod och mobila attacker främst har riktats mot Androidenheter. Attacker utförs genom att applikationer som innehar skadlig kod, får den åtkomst på enheten som de begär genom att applikationsbehörigheter godkänns av användaren före installation av en applikation. Ett stort problem är att användarna i dagsläget väljer att ignorera behörigheterna före installation samt inte förstår dess betydelse. Frågeställning och syfte - Studien syftar till att undersöka tre frågeställningar. Den första forskningsfrågan behandlar hypoteser kring hur pass medvetna Androidanvändarna är om riskerna som finns hos tio applikationsbehörigheter vilket ofta förekommer bland skadliga applikationer. Vidare var målet med studien att undersöka om det finns ett samband mellan användarnas medvetenhet och nedladdningsbeteende. Den sista frågeställningen undersöker om användarna läser igenom applikationsbehörigheter före installation av en applikation och vilka bakgrundsorsaker det finns ifall de inte gör det. Metod - Kvantitativa metoder har använts i form av att det empiriska materialet inhämtats med hjälp av en enkätundersökning. I studien deltog 116 respondenter och resultatet togs fram med hjälp av stapeldiagram, korstabeller, Chi2-tester och frekvenstabeller. Resultat och slutsats - Målet har uppfyllts till hög grad, dock hade det varit gynnsamt att ha ett större urval för att möjligen kunna säkerställa samt stärka signifikansen i Chi2-testerna. Resultatet visade att en hög grad av användarna inte är medvetna om riskerna hos de undersökta behörigheterna. Vidare visade fynden att det finns ett visst samband mellan användarnas medvetenhet och nedladdningsbeteende då sex av tio hypoteser bekräftats. Resultatet visade även att 62 procent av användarna aldrig alternativt sällan läser igenom behörigheterna före installation, samt att orsaken till detta är att de inte förstår behörigheternas beskrivning alternativt inte lägger märke till behörigheterna. Slutligen påpekade respondenterna att de inte förstår behörigheternas beskrivning på grund av att de är för korta samt innehåller för många tekniska termer. Originalitet - Studiens resultat nyttjar främst Androidanvändarna för att öka deras kunskap vilket skyddar dem mot de risker som finns. Resultatet ger dock även nytta för vidare utveckling av applikationsbehörigheterna för att mer effektivt fungera som en varningsmetod vid nedladdning. Det som är nytt och värdefullt i studien är att vi baserat på problemen som påvisats hos tidigare forskning, valt att ytterligare fördjupa oss inom ämnet. Studien har undersökt om det finns ett samband mellan användarnas medvetenhet och nedladdningsbeteende, samt vilka bakgrundsorsaker det finns som medfört att användarna inte läser igenom samt inte förstår sig på applikationsbehörigheterna. Originalitet finns även i studien då vi avgränsat oss till att specifikt undersöka medvetenheten kring tio behörigheter som ofta förekommer bland skadliga applikationer, men som även uppkommer hos vanliga applikationer på Google Play.
Problem – Android is the leading operative system on the market, while previous studies have shown that malware and attacks have mostly been targeted at Android units. Attacks are executed when applications that consist malware gets access of the permissions they demand of the unit. This is by the approval of the user before an installation of an application. A problem is that many users ignores or don’t understand the permission they give applications access to. Purpose - The study aims to examine three issues. The first research question contains hypotheses about how aware Android users are of the risks which ten application permissions contain. These permissions often occurs among malicious applications but are also included among safe applications at Google Play. Furthermore, the objective of this study is to investigate whether there is a connection between the user awareness and their downloading behavior. The last issue examines whether users read through the application permissions before installing an application, and what possible reasons that causes them to not read the permissions. Methodology - Quantitative methods have been used by gathering the empirical material through a questionnaire. The study involved 116 respondents and the results were created by using bar graphs, crosstabs, Chi-square tests and frequency tables. Results and Conclusion - The goal has been met to a large extent, however, it would have been beneficial to have a larger selection to possibly be able to ensure and strengthen the significance of the Chi-square tests. The result showed that a high degree of users are not aware of the risks of the investigated permissions. Further findings showed that there is some connection between the user’s awareness and download behavior, since six out of ten hypotheses got confirmed. The results also showed that 62 percent of the users never alternatively rarely read permissions before installation. The reason for this is that they don’t understand the permissions associated description, alternatively don’t notice the permissions at all. Finally, the respondents indicated that they do not understand the description of the permissions because they are too short and have too many technical terms. Originality - The results of the study mainly benefits the Android users since it increases their knowledge which protects them against the risks. The result, however, also benefit the further development of the application permissions, to make them work more effectively as a warning method. What’s new and valuable in the study is that it’s based on the problems that was identified in previous research and we decided to further immerse ourselves in the subject. The study has investigated whether there is a connection between the user awareness and downloading behavior, as well as the background causes which makes the users ignore and don’t understand the permissions. Originality is also found in the study since we limited ourselves to specifically investigate ten permissions that often occur among malicious applications. The study is written in Swedish.

It is no secret that Android is one of the most widely used smartphone operating systems globally, boasting a staggering 2.5 billion active users. However, data secu¬rity has become a crucial aspect of smartphone usage with the increasing reliance on smartphones to store sensitive personal information. Unfortunately, many apps tend to collect user data without the user's knowledge or consent, which can harm data security. To counter this, Android has included an inbuilt security feature called app permission to enable users to control app access. This feature enables users to grant or decline app access to various phone features such as camera, microphone, and location data. The study proposes two methodology for classification app permissions. Firstly, static novel three-tiered system called APEC (App Permission Classification with Efficient Clustering).The study provides an insightful analysis of app permissions using a dataset of 2 million app permissions and app categories from the Google Play Store. The static novel three-tiered system called APEC (App Permission Classification with Efficient Clustering) aims to determine the safety of app permis¬sions based on their usage frequency within specific app categories. This system categorizes apps into three levels, clustering, approval, and classification, to ensure users can select appropriate permissions and developers can establish the minimum requirements for their apps to function smoothly. To accomplish this, APEC uses DBSCAN clustering to group apps based on their respective categories and evalu¬ate the safety of their permissions. Furthermore, it employs the Decision Tree and Random Forest machine learning algorithms to classify new app permissions as safe or unsafe. The proposed system achieved an impressive accuracy rating of 93.8% and 95.8% using the Decision Tree and Random Forest algorithms, respectively. Secondly, a dynamic methodology App Permission Classification Dynamic Model (APCM) based on APEC with added features and capabilities. It keeps track of the app permissions requested by various apps using a dataset of 2 million apps from the Google Play Store to train a random forest-based model using DBSCAN clustering. The APCM analyses each permission request's frequency in a category and creates a frequency map accordingly. This model is critical in rating the app permission as safe or unsafe by using DBSCAN clustering and predicting using a random forest machine learning algorithm. The APCM further enhances the results by using PSO¬BO optimization over the random forest, which is considered a highly accurate approach. The APCM provides a better experience and ensures that users can use apps safely without any concerns about their security. By analyzing the frequency of each permission request in a category, the APCM can identify safe and unsafe permissions and ensure that users can use apps without any worries. This model considers user preferences while classifying apps using the Dataset, ensuring a more personalized and satisfying user experience. The APCM has achieved an impressive accuracy of 87% in classifying an app's permission as safe or unsafe. Overall, the APCM is a highly innovative and effective approach that can help users ensure their apps are safe and secure. The use of DBSCAN clustering and random forest machine learning algorithms, and PSO-BO optimization ensure that the APCM is highly accurate and can provide a reliable classification of app permissions. This model is also highly user-friendly, ensuring users can use apps safely and securely without concerns about their security or data privacy.

碩士
國立中山大學
資訊管理學系研究所
102
Because of the expanding of smartphones, the applications on smartphones, Apps, are widely discussed. In Android platform, Apps have to acquire permissions in order to provide various functions for users. However, Apps might request more permissions than they need. Users have to grant permissions requested by Apps before downloading Apps. The purpose of this study is understanding the impacts of permissions on users'' intention to download mobile Apps. We proposed the concept of &;quot;permission-function fit (PFF)&;quot;, and included perceived privacy risk and social exchange theory into TAM to explore the research purpose. The results of this study are: (1) users'' attitude toward the App positively influences their download intention. (2) Users'' perceived usefulness and the ranking of the App positively influence users'' attitude toward the App; perceived privacy risk negatively affect users'' attitude; when App requests more permissions than it needs, users have negative attitude toward it. Perceived usefulness has the strongest effect on attitude. (3)The privacy level of permissions positively affects users'' perception of privacy risk; when Apps request more permissions than they need, users perceive higher privacy risk.

碩士
國立高雄第一科技大學
行銷與流通管理研究所
103
The study aims to investigate the impact of “from free to fee” and permission marketing on App download intention. In order to avoid the interference comes from other external factors, the two factors between-subject design were used, and conducted as 2(from free to fee: free and fee) ×2(permission levels: high and low). There are 146 subjects to attend the experiment, include 66 males and 80 females. Additionally, we employ “from free to fee” (i.e. free to fee and fee to free) to be a between-subject experiment design which generates two situations wholly. The results show that, the free App leads higher download intention than the App with a fee, and the App with higher permission level leads higher download intention than the App with lower permission level. The interaction effect of “from free to fee” and permission marketing on App download intention is not significant. The main effect is significant, but the interaction effect is still not significant after adding gender as the moderator. The App download intention between man and woman is significantly different. Finally, this study presents the theory and managerial implications for reference in future research and industry application. Keywords: From free to fee, Permission marketing, Gender, App download intention.

碩士
國立雲林科技大學
資訊工程系
107
The increasing number of malicious APKs and the evolution of related technologies and advances in attack techniques have led to many types of malicious behaviors, such as Trojans, SMS, advertising software, etc., bring about a serious threat to mobile device users. According to the GDATA survey of German security operators [22], the number of new Android malicious APKs was 3 million in 2017； and the number of new Android malicious APKs found was 3.18 million until the third quarter in 2018. It is imperative to detect if the APK contains malicious behavior. The method of detection in this paper is mainly static analysis. It uses static analysis to extract all the APIs of the malicious APK and the benign APK and the Permission declared by the APK, and compares the APIs executed by the APK with executable APIs in the declared Permission. After the comparison, the reserved API and Permission are used as the input of the feature filtering. The feature screening formula proposed in this paper is computing the difference of total number of APIs and the difference of total number of Permissions between the malicious APK data set and the benign APK data set. The larger differences are reserved, but the smaller difference are removed. After the feature-filtered API and Permission are used as feature vectors which the machine learning algorithm is used to train the classification model (Random Forest, SVM). We analyzed 26389 malicious APKs and benign APKs through experiments. The experimental results show that the accuracy of the feature screening method used in this paper is 95.03%. Compared with other papers [6,17], the accuracy of this paper increases by about 1~3%. 0.1 to 0.3% accuracy.

Android eco system works in two steps as far as an application developer is concerned. In the first step, developers design and develop an Android app and subsequently publish it on Google Play Store either as paid apps or with some advertisements to earn monetary benefit or sometimes as free app just for building user base. Besides the bona fide Android ecosystem, there is a parallel dark world of malicious attackers who repackage other developer's application (Free apps available in Play Store or other app stores) and publish it with their own name. Alternatively, they add advertisements with their own bank accounts or even add malicious code and use it for their own benefit. In a similar fashion, malicious attackers embed malware payload into the original applications so as to gain control of the mobile devices on which they are running to retrieve the private data of the user, stealthily read or send SMS messages to premium rate numbers, read banking credentials and so on. Although there are many identification methods which have been used traditionally to detect these repackaged applications existing in various Android app stores. However, it is not always effective to analyse any new application. Repackaged apps are a serious vulnerability these days in Android phones. Various threat mitigation measures have been devised like watermarking in case of rooted device. But, a defence mechanism that prohibits repackaged apps from running on a user device (non-rooted device) is not common. Our repackage-proofing technique for Android apps is trustworthy and covert. Repackaged apps present considerable challenge to the security and privacy of smartphone users. But fortunately such apps can be made to crash (randomly crash to confuse attackers) using keystore check as well as permissions added in repackaged code. Even other techniques like code obfuscation using ProGuard tool are helpful. It does not require any change at the Framework or System level. Private key used to sign the apk is with the original developer. Any app which is installed in an Android system need to pass signature validation. PackageManager API reads an apk and extracts the app information. It then saves the information in three different files on device path /data/system. Out of these three files, the most important is packages.xml. It contains key information like names, code paths, public keys, permissions, etc., 2 | P a g e for all the installed apps. PackageManager API is used to retrieve Kr from the file. We split this Kr value into 8 equal parts and store it as constants in different classes. At runtime, we merge these parts to recreate Kr and compare it with Kr value returned by making use of PackageManager. For repackaged apps as signing key has changed, the two Kr values will be different.

碩士
嶺東科技大學
資訊管理系碩士班
103
The reason of studying this research plan is due to the APP of smart mobile devices recently have begun to cause security and privacy problems, it also leads to a fraudulent social phenomenon. In order to understand users’ intention before installing APP when the decleard screem pop up to request the using device permission, whether users have the perceived risk to determine that the using device permission is appropriate, and the impact of the perceived risk on follow-up users’ willingness to install. Therefore, this research plan studing participants are users who use smart mobile device with Android system. After investigating issues which are based on Knowledge Product theory、Trust theory and perceived risk theory, and then designing and constructing this research model. Finally, sending the on-line questionnaire to the users who use smart mobile device with Android system in Taiwan ,and then analysing recalled date by SPSS for Windows V.12.