Baalous, R. and Poet, R. (2018) How Dangerous Permissions are Described in Android Apps' Privacy Policies? In: 11th International Conference on Security of Information and Networks (SIN 18), Cardiff, Wales, 10-12 Sept 2018, ISBN 9781450366083 (doi: 10.1145/3264437.3264477)
Text: 172015.pdf - Accepted Version (349kB)
Abstract
Google requires Android apps which handle users' personal data such as photos and contact information to post a privacy policy which describes comprehensively how the app collects, uses and shares users' information. Unfortunately, while knowing why the app wants to access specific users' information is considered very useful, the permissions screen in Android does not provide such pieces of information. Accordingly, users reported their concerns about apps requiring permissions that seem to be not related to the apps' functions. To advance toward practical solutions that can assist users in protecting their privacy, a technique to automatically discover the rationales of dangerous permissions requested by Android apps, by extracting them from apps' privacy policies, could be a great advantage. However, before being able to do so, it is important to bridge the gap between technical terms used in Android permissions and natural language terminology in privacy policies. In this paper, we recorded the terminology used in Android apps' privacy policies which describe usage of dangerous permissions. The semi-automated approach employs NLP and IE techniques to map privacy policies' terminologies to Android dangerous permissions. The mapping links 128 information types to Android dangerous permissions. This mapping produces semantic information which can then be used to extract the rationales of dangerous permissions from apps' privacy policies.
Item Type: | Conference Proceedings |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Poet, Dr Ron and Baalous, Rawan Sulaiman A |
Authors: | Baalous, R., and Poet, R. |
College/School: | College of Science and Engineering; College of Science and Engineering > School of Computing Science |
Journal Name: | Proceedings of the 11th International Conference on Security of Information and Networks - SIN '18 |
Publisher: | ACM Press |
ISBN: | 9781450366083 |
Copyright Holders: | Copyright © 2018 The Authors |
First Published: | First published in Proceedings of the 11th International Conference on Security of Information and Networks 2018 |
Publisher Policy: | Reproduced in accordance with the copyright policy of the publisher |