Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.

Mitigating Privacy-Related Risks for Android Users

Tramontana E.
;
Verga G.
2019-01-01

Abstract

Generally, when an app runs on an Android device, users are asked to approve accesses to sensitive data or resources that require Android dangerous permissions. Otherwise, for other resources, requiring normal permissions, no approval is asked. Once access to resources has been gained, an app could send confidential data outside of the device, with no obvious abuse of security policies. Hence, users could witness a data leak, and, in general terms, a loss of control on data accessed, and about the ways they have been used. This paper shows the mechanisms that an app could use to gain sensitive data, hence breaching user privacy. Then, in order to preserve privacy, a novel and general defence solution is proposed, protecting data and resources in Android devices. Moreover, users are given the ability to configure which accesses have to be prevented and which are granted. As a proof of concept, our protection solution has been embedded in Wikipedia app, however is general and available for any app.
2019
978-1-7281-0676-2
Android; permissions; privacy; security
File in questo prodotto:
File Dimensione Formato  
2019wetice.pdf

solo gestori archivio

Descrizione: Articolo principale
Tipologia: Versione Editoriale (PDF)
Licenza: NON PUBBLICO - Accesso privato/ristretto
Dimensione 467.94 kB
Formato Adobe PDF
467.94 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.11769/377426
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 8
  • ???jsp.display-item.citation.isi??? 3
social impact