Proceedings Article

Android permissions: user attention, comprehension, and behavior

TLDR
It is found that current Android permission warnings do not help most users make correct security decisions; however, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension.
Abstract
Android's permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application's permission requests and cancel the installation if the permissions are excessive or objectionable. We examine whether the Android permission system is effective at warning users. In particular, we evaluate whether Android users pay attention to, understand, and act on permission information during installation. We performed two usability studies: an Internet survey of 308 Android users, and a laboratory study wherein we interviewed and observed 25 Android users. Study participants displayed low attention and comprehension rates: both the Internet survey and laboratory study found that 17% of participants paid attention to permissions during installation, and only 3% of Internet survey respondents could correctly answer all three permission comprehension questions. This indicates that current Android permission warnings do not help most users make correct security decisions. However, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension. We present recommendations for improving user attention and comprehension, as well as identify open challenges.


Citations
Proceedings Article

Android permissions demystified

TL;DR: Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.
Proceedings Article

PScout: analyzing the Android permission specification

TL;DR: An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.
Proceedings Article

Security Analysis of Emerging Smart Home Applications

TL;DR: This paper analyzed Samsung-owned SmartThings, which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, fire alarms, and door locks, and discovered two intrinsic design flaws that lead to significant overprivilege in SmartApps.
Proceedings Article

Why eve and mallory love android: an analysis of android SSL (in)security

TL;DR: An analysis of 13,500 popular free apps downloaded from Google's Play Market revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks, and MalloDroid is introduced, a tool to detect potential vulnerability against MITM attacks.
Proceedings Article

Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

TL;DR: A new model for privacy is introduced, namely privacy as expectations, which involves using crowdsourcing to capture users' expectations of what sensitive resources mobile apps use and a new privacy summary interface that prioritizes and highlights places where mobile apps break people's expectations.
References
Journal Article

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

TL;DR: TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Proceedings Article

TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
Journal Article

Impact of Online Consumer Reviews on Sales: The Moderating Role of Product and Consumer Characteristics

TL;DR: This article examined how product and consumer characteristics moderate the influence of online consumer reviews on product sales using data from the video game industry and found that online reviews are more influential for less popular games and games whose players have greater Internet experience.
Proceedings Article

Android permissions demystified

TL;DR: Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.