How Dangerous Permissions are Described in Android Apps' Privacy Policies?

Baalous, R. and Poet, R. (2018) How Dangerous Permissions are Described in Android Apps' Privacy Policies? In: 11th International Conference on Security of Information and Networks (SIN 18), Cardiff, Wales, 10-12 Sept 2018, ISBN 9781450366083 (doi:10.1145/3264437.3264477)

[img]
Preview
Text
172015.pdf - Accepted Version

349kB

Abstract

Google requires Android apps which handle users' personal data such as photos and contacts information to post a privacy policy which describes comprehensively how the app collects, uses and shares users' information. Unfortunately, while knowing why the app wants to access specific users' information is considered very useful, permissions screen in Android does not provide such pieces of information. Accordingly, users reported their concerns about apps requiring permissions that seem to be not related to the apps' functions. To advance toward practical solutions that can assist users in protecting their privacy, a technique to automatically discover the rationales of dangerous permissions requested by Android apps, by extracting them from apps' privacy policies, could be a great advantage. However, before being able to do so, it is important to bridge the gap between technical terms used in Android permissions and natural language terminology in privacy policies. In this paper, we recorded the terminology used in Android apps' privacy policies which describe usage of dangerous permissions. The semi-automated approach employs NLP and IE techniques to map privacy policies' terminologies to Android dangerous permissions. The mapping links 128 information types to Android dangerous permissions. This mapping produces semantic information which can then be used to extract the rationales of dangerous permissions from apps' privacy policies.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Poet, Dr Ronald and Baalous, Rawan Sulaiman A
Authors: Baalous, R., and Poet, R.
College/School:College of Science and Engineering
College of Science and Engineering > School of Computing Science
Journal Name:Proceedings of the 11th International Conference on Security of Information and Networks - SIN '18
Publisher:ACM Press
ISBN:9781450366083
Copyright Holders:Copyright © 2018 The Authors
First Published:First published in Proceedings of the 11th International Conference on Security of Information and Networks 2018
Publisher Policy:Reproduced in accordance with the copyright policy of the publisher

University Staff: Request a correction | Enlighten Editors: Update this record