基于权限的移动应用程序隐私风险量化

Translated title of the contribution: Privacy risk quantification of mobile application based on requested permissions

Minjie Zhu, Qingqing Ye, Xiaofeng Meng, Xin Yang

Research output: Journal article publication › Journal article › Academic research › peer-review

Abstract

With the prevalence of mobile devices and mobile applications (Apps), service providers have become increasingly enthusiastic about collecting user data, which causes a huge privacy risk because the data collection is invisible to users. How to evaluate the maximum privacy risk of mobile Apps is a key challenge; solving it not only contributes to the regulation of the App market, but also helps users avoid potential privacy leakage. By investigating the maximum data leakage of an App, this paper proposes a privacy risk quantification model based on the requested permissions and the principles of App permission analysis. The proposed model introduces four important parameters, namely permission sensitivity, anomaly degree of the permission list, utilization rate of an App, and number of permission callers, to evaluate the potential privacy risk of an App. We conduct experiments on privacy risk evaluation and malicious App detection over real datasets, and the results show that our proposed model achieves better performance than state-of-the-art solutions, which demonstrates the effectiveness of this model. Further, analytical results also indicate that this privacy risk quantification model can serve as an effective privacy risk warning mechanism for user privacy preservation.

Original language: Chinese (Simplified)
Pages (from-to): 1100-1115
Number of pages: 16
Journal: Scientia Sinica Informationis
Volume: 51
Issue number: 7
Publication status: Published - Jul 2021
Externally published: Yes

Keywords

  • Mobile application
  • Permission-based analytical method
  • Privacy protection
  • Privacy risk quantification

ASJC Scopus subject areas

  • Computer Science(all)
  • Engineering (miscellaneous)
