Abstract

Modern smartphone operating systems (e.g., Android 6.0 and later versions) employ an ask-on-first-use policy to regulate app permissions. To assist users in policy decisions, related efforts have focused on leveraging contexts to capture users' privacy preferences. However, these techniques have various limitations: they rely heavily on users' historical decisions on granting permissions, ignore the fact that users are not experts on privacy protection, and leave it hard to determine whether a permission should be granted. To address this problem, we propose an autonomous permission recommendation system, AutoPer+, to automatically recommend permission decisions to users at runtime. The main insight of our proposed system is that the natural language description of an app reflects its functionality and its similarity to other apps, and thus can be used to analyze whether a permission is indeed needed by the app and by the apps similar to it. First, we introduce a multi-topic model into app functionality mining, and design a topic-permission mapper for the proposed recommendation system. Then we propose a deep semi-supervised machine using Long Short-Term Memory (LSTM) neural networks to identify similar apps, by which we can explore privacy permission usage in a cluster of apps. Finally, we capture a trade-off between privacy and utility to present a systematic recommendation. In addition to the permission decision (“Allow” or “Deny”), permission explanations are also provided to help users make decisions (called “Ask”). We evaluate the proposed system via extensive comparison experiments on 31,023 Android apps. The results show that our approach achieves an accuracy of 84.1%. Moreover, we conduct user studies by installing AutoPer+ on the participants' own Android devices. We received positive responses from the participants, which implies that AutoPer+ has potential for real-world deployment to enhance current permission recommendation.

Highlights

  • Nowadays, smartphones play a key role in people’s daily lives

  • We focus on three challenges that users face when making permission decisions for app requests: (i) what is the relationship between a requested permission and an app; (ii) what is the correlation between a permission and a set of similar apps; and (iii) how to reconcile these two aspects to make a better permission decision

  • Research questions: To evaluate the performance of AutoPer+, we designed an exploratory study to answer the following research questions (RQs): RQ1: How accurate is AutoPer+ compared to different permission recommendation approaches?


Summary

Introduction

Smartphones play a key role in people’s daily lives. Mobile users have a growing choice of apps with various functionalities to install, thanks to their ready availability in popular app markets. To control apps’ access to sensitive data, Android uses a permission-based mechanism to inform users about privacy and to protect their privacy and security. Extensive research [2]–[4] has shown that the AOI policy is limited in reality, since few users read the requested permissions when installing an app, and even fewer correctly understand the consequences of granting permissions. This led to the update of the permission mechanism since Android 6.0 – the ask-on-first-use (AOFU) policy where users are prompted at the first time
