
Showing papers on "App store published in 2013"


Proceedings Article
14 Aug 2013
TL;DR: WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description, demonstrates great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.
Abstract: Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer, what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication for why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8%, and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently-used security and privacy sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.

359 citations


Journal ArticleDOI
TL;DR: A comparative, descriptive assessment was conducted of the top-rated free apps in the Health and Fitness category available in the iTunes App Store, finding all apps received low overall scores for inclusion of behavioral theory-based strategies.

320 citations


Journal ArticleDOI
TL;DR: The relationship between price and theory score corroborates research indicating that higher quality apps are more expensive and offers an opportunity for health and behavior change experts to partner with app developers to incorporate behavior change theories into the development of apps.
Abstract: Objective. To quantify the presence of health behavior theory constructs in iPhone apps targeting physical activity. Methods. This study used a content analysis of 127 apps from Apple’s (App Store) Health & Fitness category. Coders downloaded the apps and then used an established theory-based instrument to rate each app’s inclusion of theoretical constructs from prominent behavior change theories. Five common items were used to measure 20 theoretical constructs, for a total of 100 items. A theory score was calculated for each app. Multiple regression analysis was used to identify factors associated with higher theory scores. Results. Apps were generally observed to be lacking in theoretical content. Theory scores ranged from 1 to 28 on a 100-point scale. The health belief model was the most prevalent theory, accounting for 32% of all constructs. Regression analyses indicated that higher priced apps and apps that addressed a broader activity spectrum were associated with higher total theory scores. Conclus...

269 citations


Journal ArticleDOI
TL;DR: A prediction model is built to identify users who trust the app repository and is assessed, evaluated and proved to be statistically significant and efficient.

238 citations


Journal ArticleDOI
TL;DR: A review of medical apps focused on endocrine disease is conducted, highlighting the need to understand more fully the medical value of these apps to patients.
Abstract: We are in the midst of what some have called a "mobile health revolution". Medical applications ("apps") for mobile phones are proliferating in the marketplace and clinicians are likely encountering patients with questions about the medical value of these apps. We conducted a review of medical apps focused on endocrine disease. We found a higher percentage of relevant apps in our searches of the iPhone app store compared with the Android marketplace. For our diabetes search in the iPhone store, the majority of apps (33%) focused on health tracking (blood sugars, insulin doses, carbohydrates), requiring manual entry of health data. Only two apps directly inputted blood sugars from glucometers attached to the mobile phone. The remainder of diabetes apps were teaching/training apps (22%), food reference databases (8%), social blogs/forums (5%), and physician directed apps (8%). We found a number of insulin dose calculator apps which technically meet criteria for being a medically regulated mobile application, but did not find evidence for FDA-approval despite their availability to consumers. Far fewer apps were focused on other endocrine disease and included medical reference for the field of endocrinology, access to endocrine journals, height predictors, medication trackers, and fertility apps. Although mobile health apps have great potential for improving chronic disease care, they face a number of challenges including lack of evidence of clinical effectiveness, lack of integration with the health care delivery system, the need for formal evaluation and review and organized searching for health apps, and potential threats to safety and privacy.

210 citations


Journal ArticleDOI
TL;DR: In this article, the authors present an innovative method to use public data to infer the rank-demand relationship for the paid apps on Apple's iTunes App Store and find that the top-ranked paid app for iPhone generates 150 times more downloads compared to the paid app ranked at 200.
Abstract: With an abundance of products available online, many online retailers provide sales rankings to make it easier for consumers to find the best-selling products. Successfully implementing product rankings online was done a decade ago by Amazon, and more recently by Apple's App Store. However, neither market provides actual download data, a very useful statistic for both practitioners and researchers. In the past, researchers developed various strategies that allowed them to infer demand from rank data. Almost all of that work is based on an experiment that shifts sales or collaboration with a vendor to get actual sales data. In this research, we present an innovative method to use public data to infer the rank-demand relationship for the paid apps on Apple's iTunes App Store. We find that the top-ranked paid app for iPhone generates 150 times more downloads compared to the paid app ranked at 200. Similarly, the top paid app on iPad generates 120 times more downloads compared to the paid app ranked at 200. We conclude with a discussion on an extension of this framework to the Android platform, in-app purchases, and free apps.

138 citations


Journal ArticleDOI
TL;DR: The Cytoscape App Store is launched to highlight the important features that apps add to Cytoscape, enable researchers to find and install apps they need and help developers promote their apps.
Abstract: Summary: Cytoscape is an open source software tool for biological network visualization and analysis, which can be extended with independently developed apps. We launched the Cytoscape App Store to highlight the important features that apps add to Cytoscape, enable researchers to find and install apps they need and help developers promote their apps. Availability: The App Store is available at http://apps.cytoscape.org. Contact: apico@gladstone.ucsf.edu

137 citations


Proceedings Article
Tielei Wang, Kangjie Lu, Long Lu, Simon P. Chung, Wenke Lee
14 Aug 2013
TL;DR: A novel attack method is presented that allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process, and to introduce malicious control flows by rearranging signed code.
Abstract: Apple adopts the mandatory app review and code signing mechanisms to ensure that only approved apps can run on iOS devices. In this paper, we present a novel attack method that fundamentally defeats both mechanisms. Our method allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process. Once the app passes the review and is installed on an end user's device, it can be instructed to carry out the intended attacks. The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code. Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple's approval. We implemented a proof-of-concept Jekyll app and successfully published it in App Store. We remotely launched the attacks on a controlled group of devices that installed the app. The result shows that, despite running inside the iOS sandbox, Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities.

131 citations


Journal ArticleDOI
TL;DR: The aim of this paper is to study the literature on mobile systems and applications currently available, as well as the existing apps related to cardiology from the leading app stores and to classify the results to see what is available and what is missing, focusing particularly on commercial apps.
Abstract: Background: Cardiovascular diseases are the deadliest diseases worldwide, with 17.3 million deaths in 2008 alone. Among them, heart-related deaths are of the utmost relevance; a fact easily proven by the 7.25 million deaths caused by ischemic heart disease alone in that year. The latest advances in smartphones and mHealth have been used in the creation of thousands of medical apps related to cardiology, which can help to reduce these mortality rates. Objective: The aim of this paper is to study the literature on mobile systems and applications currently available, as well as the existing apps related to cardiology from the leading app stores and to then classify the results to see what is available and what is missing, focusing particularly on commercial apps. Methods: Two reviews have been developed. One is a literature review of mobile systems and applications, retrieved from several databases and systems such as Scopus, PubMed, IEEE Xplore, and Web of Knowledge. The other is a review of mobile apps in the leading app stores, Google play for Android and Apple’s App Store for iOS. Results: Search queries up to May 2013 located 406 papers and 710 apps related to cardiology and heart disease. The most researched section in the literature associated with cardiology is related to mobile heart (and vital signs) monitoring systems and the methods involved in the classification of heart signs in order to detect abnormal functions. Other systems with a significant number of papers are mobile cardiac rehabilitation systems, blood pressure measurement, and systems for the detection of heart failure. The majority of apps for cardiology are heart monitors and medical calculators. Other categories with a high number of apps are those for ECG education and interpretation, cardiology news and journals, blood pressure tracking, heart rate monitoring using an external device, and CPR instruction. 
There are very few guides on cardiac rehabilitation and apps for the management of the cardiac condition, and there were no apps that assist people who have undergone a heart transplant.

106 citations


Journal ArticleDOI
TL;DR: To address the current shortcomings concerning the way information about apps is provided to potential users of apps, Lewis proposed a set of standard criteria analogous to those published by the Health on the Net foundation to be used for assessing the utility of medical apps based on a systematic self-certification model.
Abstract: Smart devices such as smartphones and tablet PCs have become an integral part of everyday life as well as for professional applications. This is also true for medicine [1]. To enhance patient safety for medical apps or health apps that are to be used successfully in today’s medical settings, a good information policy should always be part of the marketing strategy. Patients and doctors that are well informed about the benefits, limits, and risks of an app are in a better position to give more reasoning to their decisions whether they want to use it in a medical context or not. To address the current shortcomings concerning the way information about apps is provided to potential users of apps, Lewis, in a recent letter to JMIR, proposed a set of standard criteria [2] analogous to those published by the Health on the Net foundation [3] to be used for assessing the utility of medical apps based on a systematic self-certification model. He suggested using a central platform for this purpose, for example, the United Kingdom National Health Service App Store, to allow registered developers of mobile medical apps to highlight the fact that they conform to these criteria. This would probably also give developers and distributors of such apps an advantage over their competitors. While this certainly is a promising approach, I would like to add a few points. For one, in an international setting with users coming from various (and in many cases non-professional) backgrounds, it may be difficult to lead them to a separate platform that is not the standard app distribution platform that users are accustomed to. This is especially the case for casual users who probably tend to use information that is readily available on the app stores or to simply read what other users have to say about an app. 
In my opinion, the users themselves should not be disregarded in the overall process since they play an important role by applying the information they have at hand to the product they are interested in and evaluating whether it meets their needs. In contrast to other medical products (eg, for clinical use), where many professional users are confronted with already chosen products that have been labeled as appropriate by experts, many professionals or laypersons have to decide on the appropriateness of the medical app themselves. Therefore, especially for apps, ensuring patient safety also has to include the identification of the right product, in this case an app, that matches the desired setting and indication. Every piece of information covering the necessary aspects helps decision makers and/or end users in professional settings as well as for private use to determine whether an app can be trusted and safe. Thus, to ensure high impact, it would probably make sense to provide users with the appropriate information at places where they expect it (ie, directly in an app’s description on the respective app store and/or on the manufacturer’s homepage and/or marketing material). This should be done following a standardized structure that includes criteria with a clear rationale (Table 1), for example, in the form of a clearly structured app synopsis (Table 2) [4]. A basis for this was proposed in [5], which also included the aspects mentioned in [2] with more detail. Table 1 Criteria for assessing health apps and medical apps. Table 2 Detailed description of items of the App-Synopsis for health apps and medical apps. There are already a number of existing initiatives and projects that use almost identical criteria to those suggested by Lewis, for example, the “Apps Peer-Review” by the Journal of Medical Internet Research (JMIR) launched in 2013 [6]. The JMIR mHealth disclosure form [7] also covers many of the concerns mentioned in the proposed app synopsis. 
Mostly, these projects reach this goal by installing certification and/or (third party) review processes and publishing the corresponding evaluation results using specific channels (eg, their own webpage or scientific journals). The app synopsis could be seen as a “first level” approach according to criteria already specified by previous projects dealing with quality assurance for Web-based information sources [8], though its focus is slightly different. At first, it could serve to provide all interested parties with sufficient information that, in addition to providing customers with basic information about an app, can then also be used as a starting point for building tests (eg, to identify the appropriate reviewers and testing methods, independent of the business model or revenue strategy that is employed by each respective initiative). The current market players come from different backgrounds and thus also have different interests in mind. In Germany, for example, there are some initiatives focusing mainly on a single disease while others target health apps in general. Also, their funding strategies differ significantly, ranging from privately funded initiatives or publicly financed institutions to companies that are being paid on a case-by-case basis. If manufacturers were to publish the necessary information following this app synopsis, both they as well as the users would clearly benefit. Users would receive a complete and easily comprehensible set of information that would support them in their decision making process while manufacturers would be able to follow the simple structure of the synopsis to compile the necessary information without expending too much effort since they only have to compile information that should already be available to them. 
Although this is not equivalent to an officially sanctioned certification process, information published according to the synopsis could nevertheless serve as a reference if there are any disputes between both sides.

84 citations


Journal ArticleDOI
TL;DR: Most diabetes apps do not conform to evidence-based recommendations, and future app reviews would benefit from testing app performance.
Abstract: Smartphone apps can provide real-time, interactive self-management aid to individuals with diabetes. It is currently unclear whether existing diabetes self-management apps follow evidence-based guidelines. The purpose of this study was to evaluate the extent to which existing diabetes self-management apps address the seven self-management behaviors recommended by the American Association of Diabetes Educators (the AADE7™). The term “diabetes” identified relevant self-management apps via the Apple App Store search engine in March 2012. Ratings were based on app descriptions and downloads. Chi-square analyses assessed differences in apps based on developer type. Apps promoted a median of two AADE7™ skills. Overall reliability between description and download ratings was good (kappa = .66). Reliability of individual skills was variable (kappa = .25 to .91). Most diabetes apps do not conform to evidence-based recommendations, and future app reviews would benefit from testing app performance. Future apps may also benefit from theory-based designs.

Proceedings ArticleDOI
27 Apr 2013
TL;DR: An overview of the relevant HCI research in this area, a partial inventory of spiritually oriented apps in the iTunes US App Store, and a comparison of research and real-world developments are provided.
Abstract: The iTunes App Store contains over six thousand apps related to spirituality and religion. The ACM digital library, however, contains only 98 works that address this topic from an HCI perspective. Despite high-profile calls for research in the area, the HCI community has produced only 19 research papers focused on the topic, almost half of which are the work of one person and her colleagues. In this paper we provide an overview of the relevant HCI research in this area, a partial inventory of spiritually oriented apps in the iTunes US App Store, and a comparison of research and real-world developments. We discuss the gaps in the HCI literature on techno-spiritual practices and speculate about some of the difficulties and challenges that face the HCI community in conducting research in this area.

Book ChapterDOI
11 Jun 2013
TL;DR: A definition of app stores is provided, a conceptual model of the concept is provided, and typical features and policies that are observed in app stores are supplied, using six case studies.
Abstract: The app store is a novel concept in the software business, that has changed the way in which customers perceive software and its day-to-day use. The concept, however, is poorly understood, which can be observed by lack of a comprehensive definition and relatively little literature on the topic. This paper provides a definition of app stores, provides a conceptual model of the concept, and supplies typical features and policies that are observed in app stores, using six case studies. The increased understanding that the research provides, aims to help practitioners make their app store more successful and provides researchers with a frame for defining and analyzing app stores.

Journal ArticleDOI
TL;DR: This paper believes that the most efficient and effective method to solve the difficulties associated with accurately comparing and assessing different medical apps for smartphones should be based on a self-certification system with key criteria that have been adapted from the Health on the Net foundation (HON).
Abstract: Errol Ozdalga and colleagues recently highlighted the impressive range of roles and uses of smartphones in the medical setting [1]. An important point highlighted and worth developing from this paper is the difficulties associated with accurately comparing and assessing different medical apps for smartphones. This is mainly due to the fact that medical apps are often designed with one particular focus and inherently different interfaces which often make a direct comparison between apps unfeasible. Furthermore, even apps that purport to complete the same task often include extra functionality or features that make direct evaluation impossible. One solution offered by Ozdalga et al is to survey doctors on the perceived impact of specific apps available. However I believe that this is unfeasible given the rate at which the medical app ecosystem is evolving in terms of number, range, and type of app. With thousands of medical apps available, it is highly improbable that a clinician has a working knowledge of the complete range available. As such, any surveys will be subjective depending on the target audience and consequently offer limited utility for physicians and medical students alike. Moreover, surveys regarding specific apps are usually out of date by the time they are published. What is more important, is establishing a systematic method by which medical apps can be compared and their utility for health care professionals validated. One proposed method to solve this is to develop a set of standard criteria that can be used to systematically assess the utility of a medical app for a health care professional. I believe that the most efficient and effective method should be based on a self-certification system with key criteria that have been adapted from the Health on the Net foundation (HON, [2]). 
Table 1 shows potential self-certification criteria which medical apps could be reasonably expected to achieve in order to establish the validity of the information contained within the app. The Health on the Net Foundation Code of Conduct (HONcode) for medical and health websites addresses one of Internet's main health care issues: the reliability and credibility of information. It is therefore highly applicable to medical apps that are subject to the same issues. Table 1 A list of potential criteria based on the HONcode to be used as the basis of a self-certification model for medical apps. Using this system, it would then be possible to set up a self-certification process where registered developers could highlight the fact that their app conforms to these basic criteria. At the moment, no such organization exists although there is clearly scope for such an entity. With the impending launch of the United Kingdom National Health Service App Store, it appears that there has never been a better time to develop a self-certification model for medical apps.

Proceedings ArticleDOI
20 Jun 2013
TL;DR: Results show that the effectiveness of the shop front is highly dependent on the speed at which content is updated, and the effects of different app ranking algorithms for the Top Apps Chart and the frequency of updates of the New Apps Chart on the download-to-browse ratio.
Abstract: App stores are one of the most popular ways of providing content to mobile device users today. But with thousands of competing apps and thousands new each day, the problem of presenting the developers' apps to users becomes nontrivial. There may be an app for everything, but if the user cannot find the app they desire, then the app store has failed. This paper investigates app store content organisation using AppEco, an Artificial Life model of mobile app ecosystems. In AppEco, developer agents build and upload apps to the app store; user agents browse the store and download the apps. This paper uses AppEco to investigate how best to organise the Top Apps Chart and New Apps Chart in Apple's iOS App Store. We study the effects of different app ranking algorithms for the Top Apps Chart and the frequency of updates of the New Apps Chart on the download-to-browse ratio. Results show that the effectiveness of the shop front is highly dependent on the speed at which content is updated. A slowly updated New Apps Chart will impact the effectiveness of the Top Apps Chart. A Top Apps Chart that measures success by including too much historical data will also detrimentally affect app downloads.

Proceedings ArticleDOI
23 Oct 2013
TL;DR: RILAnalyzer is an open-source tool that provides mechanisms to perform network analysis from within a mobile device that is capable of recording low-level radio information and accurate cellular network control-plane data, as well as user-plane data.
Abstract: The popularity of smartphones, cloud computing, and the app store model have led to cellular networks being used in a completely different way than what they were designed for. As a consequence, mobile applications impose new challenges in the design and efficient configuration of constrained networks to maximize application's performance. Such difficulties are largely caused by the lack of cross-layer understanding of interactions between different entities - applications, devices, the network and its management plane. In this paper, we describe RILAnalyzer, an open-source tool that provides mechanisms to perform network analysis from within a mobile device. RILAnalyzer is capable of recording low-level radio information and accurate cellular network control-plane data, as well as user-plane data. We demonstrate how such data can be used to identify previously overlooked issues. Through a small user study across four cellular network providers in two European countries we infer how different network configurations are in reality and explore how such configurations interact with application logic, causing network and energy overheads.

01 Jan 2013
TL;DR: A large sample of reviews for top rated apps is analyzed in order to determine the nature of the reviews, and how these reviews evolve over time, and it is found that most reviews are short and the majority of apps receive well under 50 reviews in their reviews.
Abstract: Context: Apple Inc.’s App Store offers a distribution mechanism for apps and a public review system which allows users to express opinions regarding purchased apps. The ratings and reviews left by users have the potential to influence new users and, hence, have an impact on the commercial feasibility of an app. Objective: Current literature has extensively investigated reviews of books, movies and hotels. However, there is a limited understanding of reviews for mobile apps. In this work, we analyse a large sample of reviews for top rated apps in order to determine the nature of the reviews, and how these reviews evolve over time. Method: We performed a statistical analysis of approximately 8 million app reviews to identify the general distribution of review size, the rate of growth for reviews, and analyse the change of both rating and review size over time using the Gini coefficient. Results: We found that (i) most reviews are short and the majority of apps receive well under 50 reviews in their

Proceedings ArticleDOI
Jeungmin Oh, Daehoon Kim, Uichin Lee, Jae-Gil Lee, Junehwa Song
27 Apr 2013
TL;DR: This work first performs a simple content analysis on app reviews from the developer's standpoint, then proposes an algorithm that automatically identifies informative reviews reflecting user involvements, and preliminary evaluation results document the efficiency of the algorithm.
Abstract: As users are interacting with a large number of mobile apps under various usage contexts, user involvements in an app design process has become a critical issue. Despite this fact, existing apps or app store platforms only provide a limited form of user involvements such as posting app reviews and sending email reports. While building a unified platform for facilitating user involvements with various apps is our ultimate goal, we present our preliminary work on handling developers' information overload attributed to a large number of app comments. To address this issue, we first perform a simple content analysis on app reviews from the developer's standpoint. We then propose an algorithm that automatically identifies informative reviews reflecting user involvements. The preliminary evaluation results document the efficiency of our algorithm.

Proceedings ArticleDOI
21 Oct 2013
TL;DR: This work involved older adults (aged 65+) in the beginning stages of designing a mobile health and wellness application and found that older adults have unique ideas that are not being considered by current technology designers.
Abstract: Older adults are increasingly savvy consumers of smartphone-based health solutions and information. These technologies may enable older adults to age-in-place more successfully. However, many app creators fail to do needs assessments of their end-users. To rectify this issue, we involved older adults (aged 65+) in the beginning stages of designing a mobile health and wellness application. We conducted a participatory design study, where 5 groups of older adults created 5 designs. Four groups identified at least 1 health metric not currently offered in either the iPhone app store or the Google Play store. At the end of the sessions we administered a questionnaire to determine what health topics participants would like to track via smartphone or tablet. The designs included 13 health topics that were not on the questionnaire. Seventeen of eighteen participants expressed interest in tracking health metrics using a smartphone/tablet despite having little experience with these devices. This shows that older adults have unique ideas that are not being considered by current technology designers. We conclude with recommendations for future development, and propose continuing to involve older adults in participatory design.

Journal Article
TL;DR: A content analysis of Apps that are currently available as "educational" content in the iTunes App Store and highlights the limited range of pedagogic designs available for mathematics learning is presented in this article.
Abstract: Increasingly iPads™ are being used in schools and prior-to-school settings, with a plethora of Apps available for mathematics learning. Despite the growing number of Apps available in the iTunes App Store, there has been limited systematic analysis of the pedagogic design of Apps designed for mathematics learning. This paper describes a content analysis of Apps that are currently available as 'educational' content in the iTunes App Store and highlights the limited range of pedagogic designs available for mathematics learning.

Proceedings ArticleDOI
27 Oct 2013
TL;DR: A holistic view of ranking fraud is provided and an optimization based aggregation method is proposed to integrate all the evidences for fraud detection to show the scalability of the detection algorithm as well as some regularity of ranking fraud activities.
Abstract: Ranking fraud in the mobile App market refers to fraudulent or deceptive activities which have a purpose of bumping up the Apps in the popularity list. Indeed, it becomes more and more frequent for App developers to use shady means, such as inflating their Apps' sales or posting phony App ratings, to commit ranking fraud. While the importance of preventing ranking fraud has been widely recognized, there is limited understanding and research in this area. To this end, in this paper, we provide a holistic view of ranking fraud and propose a ranking fraud detection system for mobile Apps. Specifically, we investigate two types of evidences, ranking based evidences and rating based evidences, by modeling Apps' ranking and rating behaviors through statistical hypotheses tests. In addition, we propose an optimization based aggregation method to integrate all the evidences for fraud detection. Finally, we evaluate the proposed system with real-world App data collected from the Apple's App Store for a long time period. In the experiments, we validate the effectiveness of the proposed system, and show the scalability of the detection algorithm as well as some regularity of ranking fraud activities.

Patent
28 Mar 2013
TL;DR: In this paper, the authors present a solution that allows the use of commercially available apps (e.g., from an “App Store”) as well as, for instance, enterprise developed apps.
Abstract: Utilities that allow for multi-factor authentication into an enterprise network with a smart card using mobile devices (e.g., smartphones, tablets, etc.), where almost any application (app) or website that accesses enterprise resources can be launched or executed to automatically establish a VPN connection with the enterprise network free of necessarily having to specially configure the apps or websites to be useable with smart cards, card readers, etc. Virtually any app can be used and take advantage of the multifactor authentication free or substantially free of modification to the app itself as the disclosed utilities may take advantage of the native VPN clients and capabilities provided with the mobile device operating system (OS) (e.g., Android®, iOS). As a result, a much more flexible solution may be provided that allows the use of commercially available apps (e.g., from an “App Store”) as well as, for instance, enterprise developed apps.

Proceedings ArticleDOI
27 Apr 2013
TL;DR: A set of ethical guidelines for large scale HCI user trials is proposed, consisting of a set of general principles and a framework into which individual app store-based trials can be assessed and ethical concerns exposed.
Abstract: The recent rise in large scale trials of mobile software using 'app stores' has moved current researcher practice beyond available ethical guidelines. By surveying this recent and growing body of literature, as well as established professional principles adopted in psychology, we propose a set of ethical guidelines for large scale HCI user trials. These guidelines come in two parts: a set of general principles and a framework into which individual app store-based trials can be assessed and ethical concerns exposed. We categorise existing literature using our scheme, and explain how researchers could use our framework to classify their future user trials to determine ethical responsibility, and the steps required to meet these obligations.

Journal ArticleDOI
TL;DR: In this paper, the authors analyze Apple's guidelines and approval process, discuss content-based rejections of apps, and outline the consequences of this process for developers' and consumers' freedom of expression.
Abstract: Apple’s wireless devices have become a critical entry point into the Internet. But unlike the broader Internet, which can be construed as a relatively open communications network, the iOS app store is arguably a closed technological ecosystem. Developers must gain Apple’s approval before distributing their apps through the store. Some have criticized the company’s app review and approval process for being opaque and arbitrary. This process has also resulted in the rejection of both explicitly and implicitly political apps. This article analyzes Apple’s guidelines and approval process, discusses content-based rejections of apps, and outlines the consequences of this process for developers’ and consumers’ freedom of expression. It also argues for principles that guarantee “app neutrality” while also guaranteeing device safety and quality control.

Journal ArticleDOI
TL;DR: The introduction of such tools in today’s busy care settings should be more carefully planned to heighten acceptance of new tools, according to the differing approaches of the two user groups.
Abstract: Background: Communication between patients and medical staff can be challenging if both parties have different cultural and linguistic backgrounds. Specialized applications can potentially alleviate these problems and significantly contribute to an effective, improved care process when foreign language patients are involved. Objective: The objective for this paper was to discuss the experiences gained from a study carried out at the Hannover Medical School regarding the use of a mobile translation application in hospital wards. The conditions for successfully integrating these technologies in the care process are discussed. Methods: iPads with a preinstalled copy of an exemplary multilingual assistance tool (“xprompt”) designed for use in medical care were deployed on 10 wards. Over a period of 6 weeks, approximately 160 employees of the care staff had the opportunity to gather experiences with the devices while putting them to use during their work. Afterwards, the participants were asked to fill out an anonymous, paper-based questionnaire (17 questions) covering the usability of the iPads, translation apps in general, and the exemplary chosen application specifically. For questions requiring a rating, Likert scales were employed. The retained data were entered into an electronic survey system and exported to Microsoft Excel 2007 for further descriptive analysis. Results: Of 160 possible participants, 42 returned the questionnaire and 39 completed the questions concerning the chosen app. The demographic data acquired via the questionnaire (ie, age, professional experience, gender) corresponded to the values for the entire care staff at the Hannover Medical School. Most respondents (35/39, 90%) had no previous experience with an iPad. On a 7-point scale, the participants generally rated mobile translation tools as helpful for communicating with foreign language patients (36/39, 92%; median=5, IQR=2). 
They were less enthusiastic about xprompt’s practical use (36/39, median=4, IQR=2.5), although the app was perceived as easy-to-use (36/39, median=6, IQR=3) and there were no obvious problems with the usability of the device (36/39, median=6, IQR=2). Conclusions: The discrepancy between the expert ratings for xprompt (collected from the App Store and online) and the opinions of the study’s participants can probably be explained by the differing approaches of the two user groups. The experts had clear expectations, whereas, without a more thorough introduction, our study participants perceived using the app as too time consuming in relation to the expected benefit. The introduction of such tools in today’s busy care settings should therefore be more carefully planned to heighten acceptance of new tools. Still, the low return rate of the questionnaires only allows for speculations on the data, and further research is necessary. Trial Registration: This study was approved by the local institutional review board (IRB), Trial ID number: 1145-2011.

Journal ArticleDOI
TL;DR: This paper describes the development of this game and the experiences of two release cycles, and provides an outlook on next steps to motivate users themselves to report on NFC tags they spotted in their environment.
Abstract: The adoption of NFC technology has taken longer than expected after its inception in 2004. Several projects on ticketing and payment are gaining momentum. However, the actual state of adoption of NFC is still unclear. As an alternative to consultants’ predictions (which mostly prove wrong), this paper describes a gamification-based approach to motivate users themselves to report on NFC tags they spotted in their environment. As part of a trading card context, users get rewarded with gadgets and points for documenting the existence of NFC technology in their environment. This paper describes the development of this game and the experiences of two release cycles. The paper concludes with lessons learned and provides an outlook on next steps.

Book ChapterDOI
25 Jun 2013
TL;DR: A generic attack vector is proposed that enables third-party applications to launch attacks on non-jailbroken iOS devices and is able to construct multiple proof-of-concept attacks, such as cracking device PIN and taking snapshots without user's awareness.
Abstract: iOS is Apple's mobile operating system, which is used on iPhone, iPad and iPod touch. Any third-party applications developed for iOS devices are required to go through Apple's application vetting process and appear on the official iTunes App Store upon approval. When an application is downloaded from the store and installed on an iOS device, it is given a limited set of privileges, which are enforced by iOS application sandbox. Although details of the vetting process and the sandbox are kept as black box by Apple, it was generally believed that these iOS security mechanisms are effective in defending against malwares. In this paper, we propose a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. Following this generic attack mechanism, we are able to construct multiple proof-of-concept attacks, such as cracking device PIN and taking snapshots without user's awareness. Our applications embedded with the attack codes have passed Apple's vetting process and work as intended on non-jailbroken devices. Our proof-of-concept attacks have shown that Apple's vetting process and iOS sandbox have weaknesses which can be exploited by third-party applications. We further provide corresponding mitigation strategies for both vetting and sandbox mechanisms, in order to defend against the proposed attack vector.

01 Jan 2013
TL;DR: This thesis combines static code analysis, crowdsourcing and machine learning techniques to elicit people's mobile app privacy preferences, and introduces a crowdsourcing methodology to collect people's privacy preferences when it comes to granting permissions to mobile apps for different purposes.
Abstract: Users are increasingly expected to manage a wide range of security and privacy settings. An important example of this trend is the variety of users might be called upon to review permissions when they download mobile apps. Experiments have shown that most users struggle with reviewing these permissions. Earlier research efforts in this area have primarily focused on protecting users' privacy and security through the development of analysis tools and extensions intended to further increase the level of control provided to users with little regard for human factor considerations. This thesis aims to address this gap through the study of user mobile app privacy preferences with the dual objective of both simplifying and enhancing mobile app privacy decision interfaces. Specifically, we combine static code analysis, crowdsourcing and machine learning techniques to elicit people's mobile app privacy preferences. We show how the resulting preference models can inform the design of interfaces that offer the promise of alleviating user burden when it comes to reviewing the permissions requested by mobile apps. Our contribution is threefold. First, we provide the first large-scale, in-depth analysis of mobile app data collection and usage practices as found in the Google Play app store. This includes an analysis of over 100,000 Android apps, the permissions they request and the different types of third parties with which they share information. Second, we introduce a crowdsourcing methodology to collect people's privacy preferences when it comes to granting permissions to mobile apps for different purposes (e.g. for internal purpose, for sharing with advertising networks) and use the results to develop new mobile app privacy decision interfaces. 
Third, by using machine learning techniques to analyze privacy preferences from over 700 smartphone users, we show that, while these preferences are diverse, a relatively small number of privacy profiles can go a long way in simplifying the number of decisions users have to make. This last contribution offers the promise of alleviating user burden and ultimately increasing their control over their information. This thesis provides an important scientific basis for starting to reconcile mobile privacy and usability and, in particular, helping inform the design of more usable privacy interfaces and settings.

Patent
25 Feb 2013
TL;DR: In this article, an apparatus for assuring integrity of a mobile application or application software (app) includes a developer registration management unit configured to authenticate a mobile app developer based on an authentication means in response to a subscription and registration request of the mobile app developers.
Abstract: An apparatus for assuring integrity of a mobile application or application software (app) includes a developer registration management unit configured to authenticate a mobile app developer based on an authentication means in response to a subscription and registration request of the mobile app developer, and an integrity verification unit configured to verify whether the mobile app has the integrity by unpackaging the mobile app uploaded to an app store server in a packaged state and determine whether to write a code signature of the app store server to the mobile app based on an integrity verification result. Thus, a secure mobile ecosystem can be constructed.

Journal ArticleDOI
TL;DR: It is concluded that the emerging status of non-carrier app stores as neither retailer nor platform means that it is not yet possible to identify the form of regulation that is in operation, but that some steps are available to legislators that could shift the balance between closed and open models.
Abstract: This paper assesses the regulation of smartphone 'app stores.' At the outset, the adoption of smartphones and apps is noted, alongside the ways in which scholars and journalists have used these markets as the basis for the discussion of legal and economic issues. The importance (commercially and as a study in governance and control) of the iOS App Store (Apple) is highlighted. Part 2 deals with the relationship between Apple and app developers; three themes of Apple’s Guidelines are identified (content, development and payments), and the ways in which control can be challenged (through jailbreaking, ‘web apps’ and regulatory intervention) are scrutinised. Part 3 considers three ways in which apps are already regulated by law: the protection of consumers (particularly through the UK system for 'premium rate services'), user privacy, and (in brief) the regulation of video games and video-on-demand services in Europe. Finally, in Part 4, the tension between comparatively 'open' and 'closed' app stores is highlighted; the problems of applying general provisions to emerging formats are emphasised. It is concluded that the emerging status of non-carrier app stores as neither retailer nor platform means that it is not yet possible to identify the form of regulation that is in operation, but that some steps are available to legislators that could shift the balance between closed and open models. This is a pre-print of an article, the final form of which appears in the International Journal of Law and Information Technology (Oxford University Press).