Abstract
Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.
Highlights
The proliferation of the personal data breach for gaining valuable insight into user preferences has become a common phenomenon in the data-driven industrial revolution
The key resolutions of the study are (a) to address how Android app permissions collected by an study are (a) to address how Android app permissions collected by an identical owner are exposing user personally identifiable information (PII), (b) to classify PII on aggregated Android permissions using the machine learning technique and (c) to offer suggestions for reducing large-scale permission re-identification
As this study only focused on Android, the study domain was limited to the Android app
Summary
The proliferation of the personal data breach for gaining valuable insight into user preferences has become a common phenomenon in the data-driven industrial revolution. Personal data has already become a new oil and privacy threat modeling are at the crux of the industrial revolution [2]. Mobile apps (Android and iOS) cause a threat to user privacy [7,8,9,10,11,12,13,14]. App user identities are frequently compromised even with consensus [15,16]. As today’s mobile device are facilitated with are frequently breaching user’s. Asdiverse today’spersonal mobile device are facilitated with advanced advanced sensors, apps are allowed to collect data [20,21,22,23]. Sensors, apps are allowed to collect diverse personal data [20,21,22,23]
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
