Publication Type

Conference Proceeding Article

Publication Date

5-2016

Abstract

While mobile platforms rely on developers to follow good practices in privacy design, developers might not always adhere. In addition, it is often difficult for users to understand the privacy behaviour of their applications without some prolonged usage. To aid in these issues, we describe on-going research to improve privacy protection by utilizing techniques that mine privacy information from application binaries as a grey-box (Automated Privacy Checking). The outputs can then be utilized to improve the users' ability to exercise privacy-motivated discretion. We conducted a user study to observe the effects of presenting information on leak-causing triggers within applications in the form of privacy message overlays. We found that while users' prior usage time largely determined their usage behaviour, presenting trigger information helped users who disapproved with data use and had sufficient understanding of the implications of data leaks. Users' inherent level of privacy consciousness and surprise levels were also factors in ensuring the effectiveness of messages.

Keywords

mobile privacy, binary analysis, user-behavioural factors

Discipline

Information Security | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Workshop on Bridging the Gap Between Privacy By Design and Privacy in Practice CHI '16, May 7, San Jose, CA

First Page

1

Last Page

4

Publisher

CHI

City or Country

San Jose, CA

Copyright Owner and License

Authors

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL

https://networkedprivacy2016.files.wordpress.com/2015/11/chi_workshop_camera_ready_leveraging-automated-privacy-checking.pdf

Share

COinS