Splitting Third-Party Libraries’ Privileges from Android Apps

2017 ◽  
pp. 80-94 ◽  
Author(s):  
Jiawei Zhan ◽  
Quan Zhou ◽  
Xiaozhuo Gu ◽  
Yuewu Wang ◽  
Yingjiao Niu
Keyword(s):  
Third Party ◽  
Android Apps

scholarly journals Locking it down

2016 ◽  
Vol 150 (1) ◽  
pp. 60-66 ◽  
Author(s):  
Kelly Grindrod ◽  
Jonathan Boersema ◽  
Khrystine Waked ◽  
Vivian Smith ◽  
Jilan Yang ◽  
...  
Keyword(s):  
Health Information ◽  
Personal Information ◽  
Medication Management ◽  
Kappa Statistic ◽  
Personal Health Information ◽  
Third Party ◽  
Personal Health ◽  
Privacy And Security ◽  
Standard Data ◽  
Android Apps

Objective: To explore the privacy and security of free medication applications (apps) available to Canadian consumers. Methods: The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen’s Kappa statistic was used to measure interrater agreement. Results: Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Conclusion: Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

scholarly journals The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

2020 ◽  
Vol 2020 (3) ◽  
pp. 222-242 ◽  
Author(s):  
Catherine Han ◽  
Irwin Reyes ◽  
Álvaro Feal ◽  
Joel Reardon ◽  
Primal Wijesekera ◽  
...  
Keyword(s):  
Data Collection ◽  
Dynamic Analysis ◽  
Online Survey ◽  
Mobile Apps ◽  
Third Party ◽  
Security And Privacy ◽  
Consumer Privacy ◽  
Static And Dynamic Analysis ◽  
Android Apps ◽  
Collection Practices

AbstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one thirdparty library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.

scholarly journals Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Ming Di ◽  
Shah Nazir ◽  
Fucheng Deng
Keyword(s):  
User Behavior ◽  
Third Party ◽  
Security And Privacy ◽  
Privacy Policy ◽  
Sensitive Data ◽  
Privacy And Security ◽  
Android Apps ◽  
Search Results ◽  
Privacy Risks ◽  
Work Done

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

scholarly journals Fuzzy Integral-Based Multi-Classifiers Ensemble for Android Malware Classification

Mathematics ◽  
2021 ◽  
Vol 9 (22) ◽  
pp. 2880
Author(s):  
Altyeb Taha ◽  
Omar Barukab ◽  
Sharaf Malebary
Keyword(s):  
Difficult Problem ◽  
Third Party ◽  
Fuzzy Integral ◽  
User Privacy ◽  
Dynamic Nature ◽  
Android Malware ◽  
Android Apps ◽  
Multiple Classifiers ◽  
Malware Classification ◽  
Security Checks

One of the most commonly used operating systems for smartphones is Android. The open-source nature of the Android operating system and the ability to include third-party Android apps from various markets has led to potential threats to user privacy. Malware developers use sophisticated methods that are intentionally designed to bypass the security checks currently used in smartphones. This makes effective detection of Android malware apps a difficult problem and important issue. This paper proposes a novel fuzzy integral-based multi-classifier ensemble to improve the accuracy of Android malware classification. The proposed approach utilizes the Choquet fuzzy integral as an aggregation function for the purpose of combining and integrating the classification results of several classifiers such as XGBoost, Random Forest, Decision Tree, AdaBoost, and LightGBM. Moreover, the proposed approach utilizes an adaptive fuzzy measure to consider the dynamic nature of the data in each classifier and the consistency and coalescence between each possible subset of classifiers. This enables the proposed approach to aggregate the classification results from the multiple classifiers. The experimental results using the dataset, consisting of 9476 Android goodware apps and 5560 malware Android apps, show that the proposed approach for Android malware classification based on the Choquet fuzzy integral technique outperforms the single classifiers and achieves the highest accuracy of 95.08%.

scholarly journals Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications

2018 ◽  
Vol 2018 (4) ◽  
pp. 33-50 ◽  
Author(s):  
Elleen Pan ◽  
Jingjing Ren ◽  
Martina Lindorfer ◽  
Christo Wilson ◽  
David Choffnes
Keyword(s):  
Large Scale ◽  
Mobile Apps ◽  
Video Data ◽  
Multimedia Data ◽  
Third Party ◽  
Sensor Data ◽  
Personal Privacy ◽  
Static And Dynamic Analysis ◽  
Android Apps ◽  
Privacy Risks

Abstract The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multimedia features. However, these sensors can also be used in ways that may violate user’s expectations and personal privacy. For example, apps have been caught taking pictures without the user’s knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data. In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.

Understanding and Conquering the Difficulties in Identifying Third-party Librariesfrom Millions of Android Apps

2021 ◽  
pp. 1-1
Author(s):  
Yanghua Zhang ◽  
Jice Wang ◽  
Hexiang Huang ◽  
Yuqing Zhang ◽  
Peng Liu
Keyword(s):  
Third Party ◽  
Android Apps
Sign in / Sign up

Export Citation Format

Share Document