Visualizing Risk by Example: Demonstrating Threats Arising From Android Apps
نویسندگان
چکیده
Previous research has shown that only 17 % of Android smartphone users are consciously aware of the specific permissions an app demands during installation [2]. While this result is hardly surprising, it still puts the majority of smartphone users at risk. Kelley et al. recently argued that since permissions are not shown until after the installation button has already been pressed, the risks potentially arising from excessive app privileges are not part of the user’s decision process anymore [3]. They introduced a modified app information screen and showed that users became more reluctant to install apps requesting too many permissions. While they were able to increase the awareness of requested permissions, participants still reported that they were unsure about the threats arising from apps requesting too many permissions. We can conclude that users currently show limited awareness of threats and risks during the selection and installation of a new app and that the safety of their personal data is at stake. We believe that this situation can be improved by emphasizing the risks associated with an app’s installation. Thus, we evaluated a novel presentation of app permissions: our prototype illustrates risks arising from app permissions in the form of worst-case examples to demonstrate potential attack scenarios resulting from the malicious use of the requested permissions. In related work, Rader et al. [4] showed that many users learn about security from informal stories told by family and friends. Hence, in the terms of their work, we try to let the app market tell the user small stories about how private information may be at risk. In this position paper, we suggest to assist users in understanding permissions by using examples to communicate risk. We present results from a pilot study that evaluate the effectiveness of this approach. We compare app installation counts of the original Android market with our improved display. Our results show that making threats graspable
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملOn the Effectiveness of Malware Protection on Android an Evaluation of Android Antivirus Apps
Android is currently the most popular smartphone operating system. However, users feel their private information at threat, facing a rapidly increasing number of malware for Android which significantly exceeds that of other platforms. Antivirus software promises to effectively protect against malware on mobile devices and many products are available for free or at reasonable prices. Their effec...
متن کاملTwo-factor Protection Scheme in Securing the Source Code of Android Applications
While Android has become most popular OS in mobile phone market, more and more Android app developers are suffering from intellectual property infringement because it’s easy to extract the assets stored in the Android apps and to decompile Android apps to Java source code. This issue also poses threats to users’ privacy. In this article we reviewed the existing protection approaches for the pro...
متن کاملA Large-Scale Empirical Study on the Effects of Code Obfuscations on Android Apps and Anti-Malware Products
The Android platform has been the dominant mobile platform in recent years resulting inmillions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially frommalicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation ...
متن کاملAnatomization and Protection of Mobile Apps' Location Privacy Threats
Mobile users are becoming increasingly aware of the privacy threats resulting from apps’ access of their location. Few of the solutions proposed thus far to mitigate these threats have been deployed as they require either app or platform modifications. Mobile operating systems (OSes) also provide users with location access controls. In this paper, we analyze the efficacy of these controls in co...
متن کامل