Personal Information Classification on Aggregated Android Application’s Permissions
| Autor: | Chul-Soo Kim, Jinhong Yang, Mehedi Hassan Onik, Nam-Yong Lee |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2019 |
| Předmět: |
IoT
ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION data aggregation Computer science 02 engineering and technology security app publisher Permission privacy lcsh:Technology World Wide Web lcsh:Chemistry Android mental disorders 0202 electrical engineering electronic engineering information engineering Web application Profiling (information science) General Materials Science Android (operating system) GeneralLiterature_REFERENCE(e.g. dictionaries encyclopedias glossaries) Instrumentation lcsh:QH301-705.5 Fluid Flow and Transfer Processes Social graph User profile Application programming interface PII business.industry lcsh:T Process Chemistry and Technology General Engineering 020206 networking & telecommunications 020207 software engineering lcsh:QC1-999 Computer Science Applications machine learning lcsh:Biology (General) lcsh:QD1-999 lcsh:TA1-2040 business lcsh:Engineering (General). Civil engineering (General) Personally identifiable information lcsh:Physics |
| Zdroj: | Applied Sciences, Vol 9, Iss 19, p 3997 (2019) Applied Sciences Volume 9 Issue 19 |
| ISSN: | 2076-3417 |
| Popis: | Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the &lsquo Android permission system&rsquo a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|