Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan.

Slides:

Advertisements

Similar presentations

Recruitment Booster.

Advertisements

Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Policy Weaving for Mobile Devices Drew Davidson. Smartphone security is critical – 1200 to 1400 US Army troops to be equipped with Android smartphones.

Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

March 13, 2004Securing Privacy Conference1 SENSOR NETWORKS & PRIVACY Pamela Samuelson, UC Berkeley, Securing Privacy Conference, March 13, 2004.

App Inventor Barb Ericson Georgia Tech

School location collector

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

A Survey of Mobile Phone Sensing Michael Ruffing CS 495.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

You can customize your privacy settings. The privacy page gives you control over who can view your content. At most only your friends, their friends and.

Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Medical Application Giant Squid Michal Cohen Robet Esho Chris Hogan Kate Kuleva Nisha Makwana Alex Rodrigues Rafal Urbanczyk.

Live Support A “receptionist” on your website (typing) Can answer questions Transfer calls to different departments Take messages Automatically “push”

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

MyTix: NJ TRANSIT’s Mobile Ticketing Application Research, February 2015 Research and Forecasting.

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

UNCLASSIFIED User Guide Applicant. UNCLASSIFIED Table of Contents What is the SAFETY Act? Applicant Guide Help Desk.

1 Team Leader TKS Job Aid. 2 Viewing the On-line Presentation If you are viewing this presentation via Internet Explorer for best results resize the “Notes”

Phones and fieldTask. Session Objective Be familiar with: – selecting smart phones for a survey, – configuring them – and using them – fieldTask (c) Smap.

Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.

Administrator – Employee Overview September, 2011.

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

Mobile Usage Patterns and Privacy Implications Michael Mitchell March 27, 2015 Ratnesh Patidar, Manik Saini, Parteek Singh, An-I Wang Florida State University.

IPSOS / Vodafone / Novartis Kenya 17 December 2014.

Happy Wednesday! You will have a little time to put your posters together.

Protecting Yourself on Social Media – Friend Requests And Messages.

Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.

FCM Workflow using GCM.

The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.

FriendFinder Location-aware social networking on mobile phones.

Android Permissions Demystified

PAYware Mobile Android Comparison June 2013 For Internal Use Only.

Once, Only Once, and In the Right Place: Gathering Location Data for the 2020 Census Jennifer Hunter Childs Center for Survey Measurement Research and.

Is Context-Aware Computing Taking Control Away from the User? Three Levels of Interactivity Examined Louise Barkhuus and Anind Dey The IT University of.

Power Guru: Implementing Smart Power Management on the Android Platform Written by Raef Mchaymech.

Unit 3 Seminar.  Used to predict acceptable or unacceptable behavior  Helps to assess level of skills/knowledge/ characteristics applicants have  Reduce.

A Software Energy Analysis Method using Executable UML for Smartphones Kenji Hisazumi System LSI Research Center Kyushu University.

DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi

Analyzing Input Validation vulnerabilities in Android System Services NAMJUN PARK (NPAR350)

THREATS, VULNERABILITIES IN ANDROID OS BY DNYANADA PRAMOD ARJUNWADKAR AJINKYA THORVE Guided by, Prof. Shambhu Upadhyay.

 Using Touchloggers To Build User Profiles Through Machine Learning Craig Dezangle.

Android and IOS Permissions Why are they here and what do they want from me?

PRISM: Platform for Remote Sensing using Smart phones {Tathagata Das, Venkata N. Padmanabhan, Ramachandran Ramjee, Asankhaya Sharma } - Microsoft Research.

Visibook is instant, simple, and dynamic appointment booking We're headquartered in San Francisco, California "Visibook is awesome. My entire studio was.

SQL Database Management

Facebook privacy policy

More Security and Programming Language Work on SmartPhones

Downloading and Installing

Free for All! Assessing User Data Exposure to Advertising Libraries on Android Campbell Foskin.

Understanding Android Security

Android System Security

SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities Yuchen Zhou, and David Evans 23rd USENIX Security Symposium, August,

RR RR Problems Along With Solutions For iPhone And iPad Toll Free ( )

How to Install Norton Antivirus on Android Phone? We are providing easy steps to install Norton antivirus on android phone. If you facing any technical issue related to installing then you should contact via support. Get more details to visit our website

DATA COLLECTION, MANAGEMENT AND ANALYSIS

What Is Sharepoint? Mohsen Ashkboos

Swipe to Donate Life.

LocationSafe: Granular Location Privacy for Mobile IoT

Understanding Android Security

Multi-Factor Authentication

The basics of Social Science Research Lecture 3

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

IT and Society Week 2: Privacy.

Presentation transcript:

Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan Hosseini (UC Berkeley) Serge Egelman (UC Berkeley) David Wagner (UC Berkeley) Konstantin Beznosov (UBC)

Android Permission 2  Android permission  Regulate how applications access protected resources  Prompt user during installation  Users’ Options  Accept permissions requested  Discontinue installing

Problem Statement 3  When developers use permissions  Not fully knowledgeable  Given too much freedom to post to Google Play Store  Not follow the principle of lease privilege  When users meet permissions  No comprehension  No contextual cues  User habituation Lots of unnecessary application permissions are approved Application can get access to protected resources unexpected

Previous solutions & Limitation 4  Prompt permission request at run-time  Action is not reversible  Data is sensitive  Incurs additional cost Too many prompts

Solution 5  When to actually prompt?  not reversible/sensitive/Incurs additional cost  Unexpected (“Privacy violations occur when sensitive information is used in ways defying users’ expectations”)  Goal  Confront users with necessary permission requests, not the expected, reversible, or unconcerning ones. A. P. Felt, S. Egelman, M. FiniUer, D. Akhawe, and D. Wagner. How to Ask for Permission. Proceedings of the USENIX Workshop On Hot Topics In Computer Security (HotSec), 2012.

Two steps 6  Instrument Android to collect data  How often and under what circumstances smartphone apps are accessing protected resources regulated by permissions?  Survey users when they exit the experiment  If given the opportunity, whether users would like to deny applications access to protected resources?

Outline 7  Problem statement  Data collection  Application behavior  User expectation & reactions  Model users’ decision  Conclusion  Quiz

Data collection Procedure 8  Tracking access to sensitive data  Modify Android to log whenever an app accessed a protected resource  Recruitment  36/48 qualified participants from Craigslist  Exit survey  Whether resource access instances are expected  Whether users would like to deny access

Data collection Architecture 9  Producers: hook Android API call  Log protected API methods that are called  Log access to protected ContentProviders class  Log access to protected Intents  Consumer: embedded in Android service  Write data to a log file  Upload to server

Data collection 10  The experiment  36 Android smartphone users  1week of real-world use  27 million permission requests ( requests/day/user)  12 permissions  Felt et al. recommend to be granted via runtime dialogs  Randomly take screenshots when permissions are checked

Data collection 11  Screenshot (cards)  Log entry (music app)

Exit Survey 12

Exit Survey 13

Outline 14  Problem statement  Data collection  Application behaviors  Invisible permission requests  High frequency requests  Feasibility of runtime requests  User expectation & reactions  Model users’ decision  Conclusion  Quiz

Invisible Permission Requests 15  Invisible permission requests  The requests that users don’t know they occur  Five application states with regard to visibility to users:  Visible foreground application (12.04%)  Invisible background application (0.70%)  Visible background service (12.86%)  Invisible background service (14.40%)  Screen off (60.00%)

Invisible Permission Requests 16  Five application states with regard to visibility to users:  Visible foreground application (12.04%)  Invisible background application (0.70%)  Visible background service (12.86%)  Invisible background service (14.40%)  Screen off (60.00%)  Invisible permission: 75.1%

Invisible Permission Requests 17  Most frequently requested permissions with zero visiblity to users (per user/day)  Network: every 3 seconds  The apps making the most permission requests while invisible to users (per user/day)

Invisible Permission Requests 18  Low visibility of location tracking  GPS location provider (0.04%)  Cellular tower (66.1%)  Wifi (33.3%)  Network provider (0.08%)  Cashed location (0.48%)  GPS notification icon appear 0.04% of access of location

High Frequency Requests 19  Exception of Google’s apps, all the other apps make excessive requests for phone’s connectivity state  Adverse effect on performance and battery life

Feasibility of Runtime Requests 20  Observations:  8 requests per minute/user  4 exposes per minute/user (15 seconds)  Every other permission request exposes data  Frequency is too high to prompt users in runtime Sensitive permission requests (per user/day) when apps visible/invisible to users

Outline 21  Problem statement  Data collection  Application behavior  User expectation & reactions  Model users’ decision  Conclusion  Quiz

User expectation & reactions 22  Screenshots + permission requested: users want to block 35% of 432 permission request  53% of denied permissions are perceived as functionally irrelevant  “It wasn’t doing anything that needed my current location”  32% of denied permissions are privacy sensitive  “SMS messages are quite personal”

User expectation & reactions 23  What factors influence users’ desires to block requests?  Identifying permissions  Visibility  Privacy preferences  Expectation  Users are more likely to block invisible, unexpected requests.

Outline 24  Problem statement  Data collection  Application behavior  User expectation & reactions  Model users’ decision  Conclusion  Quiz

Model users’ decision 25  Use contextual data to examine users’ desire to block certain permission requests  Permission types  Visibility of application  Application name  User ID  A classifier to determine when to prompt users

Model Selection 26  Binary logistic regression model  Permission types  Visibility of application  Application name  User ID  Two separate models based on the screen state result in better fit than a single model with screen state as a fixed effect

Predicting User Reactions 27  Regression Model  Screen on: visibility, application, user (AUC=0.7)  Screen off: permission, application, user (AUC=0.8)  Different users have different preferences  One size-fit-all policy will not be effective

Conclusion 28  A first field study to quantify the permission usage by third party applications under realistic circumstances.  Show that participants want to block access to protected resources a third of time.  Model users’ decisions and show how a runtime classifier may be able to determine when to confront users with permission decisions.

My opinion 29  Data collection procedure is very good. (Screenshot)  Find some interesting results  Small dataset (1 week)  Validity of dataset?  Classification is very week.  Take more factors into consideration  Time, location, personalization…  Only analyze the user’s attitude towards permission requests from apps. Don’t know why app request permission to protected resources.

Quiz 30  What’s the functionality of Android Permission?  What are invisible permission request?  Is it feasible to prompt users whenever sensitive data are accessed at runtime?

Thank you!