Despite growing privacy concerns, many mobile app users are unaware of how the permissions they grant affect their privacy. One reason for this is the lack of understandable tools to help them interpret how this impact varies according to their choices in device settings. As far as we know, there are no tools that quantify this impact from the user’s perspective. This paper presents the Privacy Impact Metric (PIM), a tool aimed at empowering users to manage their privacy when using mobile applications. PIM provides quantitative values that reflect the impact that an application has on the user’s privacy. This quantification allows users to compare applications, anticipate risks and make informed decisions about granting permissions. The metric is based on permission groups, the only mechanism Android provides for managing privacy after installation. This structure allows the granting or revoking of permissions to be simulated and observing the resulting impact to be observed. Another contribution of the work is the grouping of permissions, extracted directly from the Android source code, as this information is not officially documented by Google. This classification facilitates the validation of research that uses categories other than those defined by Android.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PIM: A Metric to Empower Mobile App Users in Privacy Management

  • Amador Aparicio,
  • M. Mercedes Martínez-González,
  • Alejandro Pérez-Fuente,
  • Pablo-Abel Criado-Lozano

摘要

Despite growing privacy concerns, many mobile app users are unaware of how the permissions they grant affect their privacy. One reason for this is the lack of understandable tools to help them interpret how this impact varies according to their choices in device settings. As far as we know, there are no tools that quantify this impact from the user’s perspective. This paper presents the Privacy Impact Metric (PIM), a tool aimed at empowering users to manage their privacy when using mobile applications. PIM provides quantitative values that reflect the impact that an application has on the user’s privacy. This quantification allows users to compare applications, anticipate risks and make informed decisions about granting permissions. The metric is based on permission groups, the only mechanism Android provides for managing privacy after installation. This structure allows the granting or revoking of permissions to be simulated and observing the resulting impact to be observed. Another contribution of the work is the grouping of permissions, extracted directly from the Android source code, as this information is not officially documented by Google. This classification facilitates the validation of research that uses categories other than those defined by Android.