Skip to main content
SpringerLink
Log in

Enhancing User Privacy in Mobile Devices Through Prediction of Privacy Preferences

  • Conference paper
  • First Online:
Computer Security – ESORICS 2022 (ESORICS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13554))

Included in the following conference series:

Abstract

The multitude of applications and security configurations of mobile devices requires automated approaches for effective user privacy protection. Current permission managers, the core mechanism for privacy protection in smartphones, have shown to be ineffective by failing to account for privacy’s contextual dependency and personal preferences within context. In this paper we focus on the relation between privacy decisions (e.g. grant or deny a permission request) and their surrounding context, through an analysis of a real world dataset obtained in campaigns with 93 users. We leverage such findings and the collected data to develop methods for automated, personalized and context-aware privacy protection, so as to predict users’ preferences with respect to permission requests. Our analysis reveals that while contextual features have some relevance in privacy decisions, the increase in prediction performance of using such features is minimal, since two features alone are capable of capturing a relevant effect of context changes, namely the category of the requesting application and the requested permission. Our methods for prediction of privacy preferences achieved an F1 score of 0.88, while reducing the number of privacy violations by 28% when compared to the standard Android permission manager.

This work is supported by project COP-MODE, that has received funding from the European Union’s Horizon 2020 research and innovation programme under the NGI TRUST grant agreement no 825618, and the project SNOB-5G with Nr. 045929 (CENTRO-01-0247-FEDER-045929) supported by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Centre (CENTRO 2020) of the Portugal 2020 framework and FCT under the MIT Portugal Program. Ricardo Mendes and Mariana Cunha wish to acknowledge the Portuguese funding institution FCT - Foundation for Science and Technology for supporting their research under the Ph.D. grant SFRH/BD/128599/2017 and 2020.04714.BD, respectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–515 (2015)

    Article  Google Scholar 

  2. Almuhimedi, H., et al.: Your location has been shared 5,398 times!: a field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)

    Google Scholar 

  3. Andriotis, P., Stringhini, G., Sasse, M.A.: Studying users’ adaptation to Android’s run-time fine-grained access control system. J. Inf. Secur. Appl. 40, 31–43 (2018)

    Google Scholar 

  4. Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you: raising awareness of data leaks on smartphones. In: Proceedings of the Ninth Symposium on Usable Privacy and Security–SOUPS 2013, p. 1 (2013)

    Google Scholar 

  5. Bonné, B., Peddinti, S.T., Bilogrevic, I., Taft, N.: Exploring decision making with android’s runtime permission dialogs using in-context surveys. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 195–210. USENIX Association, Santa Clara, CA (2017)

    Google Scholar 

  6. Brandão, A., Mendes, R., Vilela, J.P.: Prediction of mobile app privacy preferences with user profiles via federated learning. In: Proceedings of the Twelveth ACM Conference on Data and Application Security and Privacy, pp. 89–100 (2022)

    Google Scholar 

  7. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS 2012). Association for Computing Machinery, New York, NY, USA (2012)

    Google Scholar 

  8. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_6

  9. Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In: 10th Symposium On Usable Privacy and Security (SOUPS 2014), pp. 199–212. USENIX Association, Menlo Park, CA (2014)

    Google Scholar 

  10. Liu, B., Andersen, M.S., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A., Agarwal, Y.: Follow my recommendations: A personalized privacy assistant for mobile app permissions. In: Symposium on Usable Privacy and Security (2016)

    Google Scholar 

  11. Liu, B., Lin, J., Sadeh, N.: Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help? In: Proceedings of the 23rd International Conference on World Wide Web–WWW 2014, pp. 201–212 (2014)

    Google Scholar 

  12. Mendes, R., Brandão, A., Vilela, J.P., Beresford, A.R.: Effect of user expectation on mobile app privacy: a field study. In: 2022 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 207–214 (2022)

    Google Scholar 

  13. Nissenbaum, H.: Privacy as contextual integrity. Wash. L. Rev. 79, 119 (2004)

    Google Scholar 

  14. Olejnik, K., Dacosta, I., Machado, J.S., Huguenin, K., Khan, M.E., Hubaux, J.P.: SmarPer: context-aware and automatic runtime-permissions for mobile devices. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 1058–1076. IEEE (2017)

    Google Scholar 

  15. Ravichandran, R., Benisch, M., Kelley, P.G., Sadeh, N.M.: Capturing social networking privacy preferences. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 1–18. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_1

    Chapter  Google Scholar 

  16. Sanchez, O.R., Torre, I., He, Y., Knijnenburg, B.P.: A recommendation approach for user privacy preferences in the fitness domain. User Model. User-Adapted Interact. 30(3), 513–565 (2020)

    Google Scholar 

  17. Shen, B., et al.: Can systems explain permissions better? Understanding users’ misperceptions under smartphone runtime permission model. In: 30th USENIX Security Symposium (USENIX Security 21) (2021)

    Google Scholar 

  18. Shklovski, I., Mainwaring, S.D., Skúladóttir, H.H., Borgthorsson, H.: Leakiness and creepiness in app space: perceptions of privacy and mobile app use. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, pp. 2347–2356. ACM (2014)

    Google Scholar 

  19. Tsai, L., et al.: Turtle guard: helping android users apply contextual privacy preferences. In: Symposium on Usable Privacy and Security (SOUPS) 2017 (Soups) (2017)

    Google Scholar 

  20. Union, E.: Regulation (eu) 2016/679 of the european parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation). Off. J. L110 59, 1–88 (2016)

    Google Scholar 

  21. Votipka, D., Rabin, S.M., Micinski, K., Gilray, T., Mazurek, M.L., Foster, J.S.: User comfort with android background resource accesses in different contexts. In: Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pp. 235–250 (2018)

    Google Scholar 

  22. Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: USENIX Security, vol. 15 (2015)

    Google Scholar 

  23. Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In: Proceedings–IEEE Symposium on Security and Privacy, pp. 1077–1093 (2017)

    Google Scholar 

  24. Wijesekera, P., et al.: Contextualizing privacy decisions for better prediction (and protection). In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 268:1–268:13. CHI 2018, ACM, New York, NY, USA (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. CISUC and Department of Informatics Engineering, University of Coimbra, 3030-290, Coimbra, Portugal

    Ricardo Mendes

  2. CRACS/INESCTEC, CISUC and Department of Computer Science, Faculty of Sciences, University of Porto, Porto, Portugal

    Mariana Cunha & João P. Vilela

  3. Computer Laboratory, University of Cambridge, Cambridge, UK

    Alastair R. Beresford

Authors
  1. Ricardo Mendes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mariana Cunha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. João P. Vilela
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alastair R. Beresford
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ricardo Mendes .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Vijayalakshmi Atluri

  2. Hamad Bin Khalifa University, Doha, Qatar

    Roberto Di Pietro

  3. Technical University of Denmark, Kongens Lyngby, Denmark

    Christian D. Jensen

  4. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

Appendices

A A Grant Rate

Figure 6 presents the average grant result for each pair of category of the requesting app and requested permission.

Fig. 6.
figure 6

Average grant result for each pair of category-permission. The number in each cell is the number of requests for the respective pair category-permission group, and GR is the grant rate for the respective category or permission. Categories and permissions with less than 10 requests were removed.

Full size image

B B Information Gain

Table 2 presents the information gain for the grant result with each other feature in the dataset, where categorical features were one-hot encoded.

Table 2. Information Gain for the grant result with every other feature. Showing only values greater than 0.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mendes, R., Cunha, M., Vilela, J.P., Beresford, A.R. (2022). Enhancing User Privacy in Mobile Devices Through Prediction of Privacy Preferences. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13554. Springer, Cham. https://doi.org/10.1007/978-3-031-17140-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-17140-6_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17139-0

  • Online ISBN: 978-3-031-17140-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation