Abstract
With the prevalence of mobile devices and mobile applications (Apps), service providers have become increasingly eager to collect user data, which creates a huge privacy risk because the data collection is invisible to users. Evaluating the maximum privacy risk of mobile Apps is a key challenge: it contributes to the regulation of the App market and helps users avoid potential privacy leakage. By investigating the maximum data leakage of an App, this paper proposes a privacy risk quantification model based on the requested permissions and the principles of App permission analysis. The proposed model introduces four important parameters, namely permission sensitivity, anomaly degree of the permission list, utilization rate of an App, and number of permission callers, to evaluate the potential privacy risk of an App. We conduct experiments on privacy risk evaluation and malicious App detection over real datasets, and the results show that our proposed model achieves better performance than state-of-the-art solutions, which demonstrates the effectiveness of this model. Further, analytical results also indicate that this privacy risk quantification model can serve as an effective privacy risk warning mechanism for user privacy preservation.
Translated title of the contribution | 基于权限的移动应用程序隐私风险量化 |
---|---|
Original language | Chinese (Simplified) |
Pages (from-to) | 1100-1115 |
Number of pages | 16 |
Journal | Scientia Sinica Informationis |
Volume | 51 |
Issue number | 7 |
Publication status | Published - Jul 2021 |
Keywords
- Mobile application
- Permission-based analytical method
- Privacy protection
- Privacy risk quantification
ASJC Scopus subject areas
- General Computer Science
- Engineering (miscellaneous)