Issue No. 02 - Feb. (2018 vol. 17)
Li Lyna Zhang , University of Science and Technology of China, Hefei, China
Chieh-Jan Mike Liang , Microsoft Research, Beijing, China
Zhao Lucis Li , University of Science and Technology of China, Hefei, China
Yunxin Liu , Microsoft Research, Beijing, China
Feng Zhao , Microsoft Research, Beijing, China
En-Hong Chen , University of Science and Technology of China, Hefei, China
Given the emerging concerns over app privacy-related risks, major app distribution providers (e.g., Microsoft) have been exploring approaches to help end users to make informed decision before installation. This is different from existing approaches of simply trusting users to make the right decision. We build on the direction of risk rating as the way to communicate app-specific privacy risks to end users. To this end, we propose to use sensitivity analysis to infer whether an app requests sensitive on-device resources/data that are not required for its expected functionality. Our system, Privet, addresses challenges in efficiently achieving test coverage and automated privacy risk assessment. Finally, we evaluate Privet with 1,000 Android apps released in the wild.
Privacy, Testing, Sensitivity analysis, Automation, Mobile computing, Mobile communication, Androids
L. L. Zhang, C. M. Liang, Z. L. Li, Y. Liu, F. Zhao and E. Chen, "Characterizing Privacy Risks of Mobile Apps with Sensitivity Analysis," in IEEE Transactions on Mobile Computing, vol. 17, no. 2, pp. 279-292, 2018.