Inproceedings: an article in a conference proceedings.
SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Title of the conference
Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P)
San Jose, Ca
Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. In this work, we address some of these limitations with SmarPer, an advanced permission mechanism for Android. First, to address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning to predict permission decisions at runtime. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. Note that the goal of SmarPer is to mimic the users decisions, not to make privacy-preserving decisions per se. With this unique data set, we show that tting an efcient Bayesian linear regression model results in a mean correct classication rate of 80% (3%). This represents a mean relative improvement of 50% over a user-dened static permission policy, i.e., the model used in current permission systems. Second, SmarPer also focuses on the suboptimal trade-off between privacy and utility; instead of only “allow” or “deny” decisions, SmarPer also offers an “obfuscate” option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users’ unique decision patterns at runtime using contextual information while supporting data obfuscation; this an important step towards automating the management of permissions in smartphones.
Web of science
Last modification date