ABSTRACT
Permission managers in mobile devices allow users to control permission requests by granting or denying applications' access to data and sensors. However, existing managers are ineffective at both protecting users and warning them of the privacy risks of their permission decisions. Recent research proposes privacy protection mechanisms that automate privacy decisions through user profiles, taking personal privacy preferences into consideration. While promising, these proposals usually resort to a centralized server to train the automation model, thus requiring users to trust this central entity. In this paper we propose a methodology to build privacy profiles and train neural networks to predict privacy decisions while guaranteeing user privacy, even against the centralized server. Specifically, we resort to privacy-preserving clustering techniques to build the privacy profiles, that is, the server computes the centroids (profiles) without access to the underlying data. Then, using federated learning, the model that predicts permission decisions is learnt in a distributed fashion while all data remains locally on the users' devices. Experiments following our methodology show the feasibility of building a personalized and automated permission manager that guarantees user privacy while reaching a performance comparable to the centralized state of the art, with an F1-score of 0.9.
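The following is an added illustration, not the paper's code, of the property the abstract relies on: one k-means iteration in which users assign themselves to the nearest profile locally and the server learns only the per-cluster sums it needs for new centroids, never an individual user's permission decisions. Pairwise additive masking (secure aggregation) is an assumption standing in for whatever protocol the authors use, and the user vectors are constructed; the same `server_sum` primitive is what would aggregate model updates in the federated learning phase.

```python
import random

# Constructed sample: each user's local record is a vector of allow(1)/deny(0)
# decisions over four permission types (location, contacts, camera, microphone).
USERS = {
    "u1": [1, 1, 1, 1],
    "u2": [1, 1, 1, 0],
    "u3": [0, 0, 0, 0],
    "u4": [0, 0, 1, 0],
}

def mask_contributions(contribs, modulus=10**9, seed=0):
    """Clients apply pairwise additive masks (assumed protocol, for illustration):
    each client pair (a, b) shares a random vector that a adds and b subtracts,
    so masks cancel in the total while each masked vector alone looks like noise."""
    ids = sorted(contribs)
    rng = random.Random(seed)  # stands in for a secret agreed per client pair
    masked = {i: list(contribs[i]) for i in ids}
    for a in range(len(ids)):
        for b in range(a + 1, len(ids)):
            r = [rng.randrange(modulus) for _ in masked[ids[a]]]
            masked[ids[a]] = [(x + m) % modulus for x, m in zip(masked[ids[a]], r)]
            masked[ids[b]] = [(x - m) % modulus for x, m in zip(masked[ids[b]], r)]
    return masked

def server_sum(masked, modulus=10**9):
    """The server only ever sees masked vectors; summing them recovers the aggregate."""
    total = [0] * len(next(iter(masked.values())))
    for vec in masked.values():
        total = [(t + x) % modulus for t, x in zip(total, vec)]
    return total

def kmeans_round(users, centroids):
    """One privacy-preserving k-means iteration: nearest-centroid assignment is
    done on the device; only masked per-cluster sums and counts reach the server."""
    k, dim = len(centroids), len(centroids[0])
    contribs = {}
    for uid, vec in users.items():
        nearest = min(range(k), key=lambda c: sum((v - m) ** 2 for v, m in zip(vec, centroids[c])))
        flat = [0] * (k * (dim + 1))  # per cluster: dim sums followed by a count
        flat[nearest * (dim + 1):(nearest + 1) * (dim + 1)] = vec + [1]
        contribs[uid] = flat
    agg = server_sum(mask_contributions(contribs))
    new = []
    for c in range(k):
        block = agg[c * (dim + 1):(c + 1) * (dim + 1)]
        sums, count = block[:dim], block[dim]
        new.append([s / count for s in sums] if count else centroids[c])  # empty cluster keeps its centroid
    return new
```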