Please wait a minute...
Shopping Cart Email List Chinese
Advanced Search Fig/Tab
Frontiers of Engineering Management

ISSN 2095-7513

ISSN 2096-0255(Online)

CN 10-1205/N

Postal Subscription Code 80-905

Featured Articles  |  Most Downloaded  |  Most Reading
Online Submission Subscribe to Our RSS Content Feed
Front. Eng    2022, Vol. 9 Issue (4) : 640-652    https://doi.org/10.1007/s42524-022-0228-y
RESEARCH ARTICLE
Large-scale App privacy governance
Zitong LI, Zhuoya FAN, Junxu LIU, Leixia WANG, Xiaofeng MENG()
School of Information, Renmin University of China, Beijing 100872, China
 Download: PDF(3773 KB)   HTML
 Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks
Abstract

Recently, the problem of mobile applications (Apps) leaking users’ private information has aroused wide concern. As the number of Apps continuously increases, effective large-scale App governance is a major challenge. Currently, the government mainly filters out Apps with potential privacy problems manually. Such approach is inefficient with limited searching scope. In this regard, we propose a quantitative method to filter out problematic Apps on a large scale. We introduce Privacy Level (P-Level) to measure an App’s probability of leaking privacy. P-Level is calculated on the basis of Permission-based Privacy Value (P-Privacy) and Usage-based Privacy Value (U-Privacy). The former considers App permission setting, whereas the latter considers App usage. We first illustrate the privacy value model and computation results of both values based on real-world dataset. Subsequently, we introduce the P-Level computing model. We also define the P-Level computed on our dataset as the PL standard. We analyze the distribution of average usage and number of Apps under the levels given in the PL standard, which may provoke insights into the large-scale App governance. Through P-Privacy, U-Privacy, and P-Level, potentially problematic Apps can be filtered out efficiently, thereby making up for the shortcoming of being manual.
Keywords privacy risk      Privacy Level      quantification      large-scale App governance     
Corresponding Author(s): Xiaofeng MENG   
Just Accepted Date: 09 October 2022   Online First Date: 15 November 2022    Issue Date: 08 December 2022
 Cite this article:   
Zitong LI,Zhuoya FAN,Junxu LIU, et al. Large-scale App privacy governance[J]. Front. Eng, 2022, 9(4): 640-652.
 URL:  
https://academic.hep.com.cn/fem/EN/10.1007/s42524-022-0228-y
https://academic.hep.com.cn/fem/EN/Y2022/V9/I4/640
Attribute nameDescriptionData typeData length
Device IDDevice identification numbervarchar200
Package nameApp installation package namevarchar200
StatusApp installation status: “0” for “uninstall”, “1” for “maintaining”, “2” for “newly installed”int/
install_typeInstallation type: “?1” for “unknown type”, “0” for “normal application”, “1” for “system application”, “2” for “upgraded system application”, “3” for “pre-installed application”int/
TimeFirst report time or installation timevarchar100
last_reportedLatest report time. If Status is zero, then this is uninstallation time accordinglyvarchar100
Tab.1  User behavior data format
Fig.1  Density of P-Privacy and U-Privacy distribution.
Fig.2  P-Privacy distribution for different App categories.
Fig.3  U-Privacy distribution for different App categories.
Fig.4  Two-dimensional clustering results.
P-LevelRange
P-PrivacyU-Privacy
1[0.0000, 0.1450)[0.0000, 0.0198)
2[0.1450, 0.2571)[0.0198, 0.0590)
3[0.2571, 0.3326)[0.0590, 0.0994)
4[0.3326, 0.4377)[0.0994, 0.1395)
5[0.4377, 0.5000)[0.1395, 0.1819)
6[0.5000, 0.5806)[0.1819, 0.2303)
7[0.5806, 0.6467)[0.2303, 0.2889)
8[0.6467, 0.7161)[0.2889, 0.3663)
9[0.7161, 0.8000)[0.3663, 0.4902)
10[0.8000, 1.0000][0.4902, 1.0000]
Tab.2  PL standard for P-Privacy and U-Privacy, respectively
High P-Level Apps proportionEqual divisionClustering
P-Privacy level≥ 593.07%94.72%
≥ 688.12%90.10%
≥ 773.93%80.20%
≥ 848.51%66.67%
≥ 918.48%45.87%
U-Privacy level≥ 546.86%94.72%
≥ 619.47%92.08%
≥ 77.26%83.17%
≥ 81.32%74.92%
≥ 90.08%60.73%
Tab.3  Proportion of Apps with different P-Privacy and U-Privacy levels in Cyberspace Administration of China (2021a)
High P-Level Apps proportionEqual divisionClustering
P-Privacy level≥ 587.04%87.04%
≥ 683.33%83.33%
≥ 768.52%72.22%
≥ 855.56%64.81%
≥ 933.33%53.70%
U-Privacy level≥ 544.44%77.78%
≥ 627.78%72.22%
≥ 714.81%70.37%
≥ 85.56%57.41%
≥ 90.00%50.00%
Tab.4  Proportion of Apps with different P-Privacy and U-Privacy levels in Cyberspace Administration of China (2021b)
Fig.5  Distribution of App number based on P-Privacy in different dividing methods.
Fig.6  Distribution of App number based on U-Privacy in different dividing methods.
Fig.7  Distribution of U-Privacy in different P-Privacy levels.
Fig.8  Average usage of Apps in different P-Privacy levels.
Fig.9  Average usage of Apps in different U-Privacy levels.
Fig.10  App distribution in different categories under P-Privacy levels.
Fig.11  App distribution in different categories under U-Privacy levels.
1 S Biswas, H Wang, J Rashid, (2016). Android permissions management at App installing. International Journal of Security and Its Applications, 10( 3): 223–232
https://doi.org/10.14257/ijsia.2016.10.3.21
2 S Biswas, K Sharif, F Li, Y Liu, (2017). 3P framework: Customizable permission architecture for mobile applications. In: Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Guilin: Springer, 445–456
3 P H Chia, Y Yamamoto, N Asokan, (2012). Is this App safe? A large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web. Lyon: Association for Computing Machinery, 311–320
4 Cyberspace Administration of China (2021a). Notice on illegal collection and use of personal information in 84 Apps including Tencent Phone Manager (in Chinese)
5 Cyberspace Administration of China (2021b). Notice on illegal collection and use of personal information in 105 Apps including Tiktok (in Chinese)
6 K Degirmenci, (2020). Mobile users’ information privacy concerns and the role of App permission requests. International Journal of Information Management, 50: 261–272
https://doi.org/10.1016/j.ijinfomgt.2019.05.010
7 A P FeltE ChinS HannaD SongD Wagner (2011). Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security. Chicago, IL: Association for Computing Machinery, 627–638
8 S Grauschopf (2020). Facebook privacy levels: Understanding Facebook’s levels of privacy. Online Paper
9 D Hayes, F Cappa, N A Le-Khac, (2020). An effective approach to mobile device management: Security and privacy issues associated with mobile applications. Digital Business, 1( 1): 100001
https://doi.org/10.1016/j.digbus.2020.100001
10 Y Hu (2007). Research on Risk Assessment Method of Network Information System. Dissertation for the Doctoral Degree. Chengdu: Sichuan University (in Chinese)
11 X Lu, Q Li, Z Qu, P Hui, (2014). Privacy information security classification study in Internet of Things. In: Proceedings of the International Conference on Identification, Information and Knowledge in the Internet of Things. Beijing: IEEE, 162–165
12 X F Meng, M J Zhu, J X Liu, (2019). Quantitative research on privacy risk of large-scale mobile users. Journal of Information Security Research, 5( 9): 778–788
13 H PengC GatesB SarmaN H LiY QiR PotharajuC Nita-RotaruI (2012) Molloy. Using probabilistic generative models for ranking risks of Android Apps. In: Proceedings of the ACM Conference on Computer and Communications Security. Raleigh North, CA: Association for Computing Machinery, 241–252
14 Personal Information Protection Task Force on Apps (2019). Governance report on Apps’ illegal collection and use of personal information (in Chinese)
15 A K Singh, C D Jaidhar, M A A Kumara, (2019). Experimental analysis of Android malware detection based on combinations of permissions and API-calls. Journal of Computer Virology and Hacking Techniques, 15( 3): 209–218
https://doi.org/10.1007/s11416-019-00332-z
16 H X Son, B Carminati, E Ferrari, (2021). A risk assessment mechanism for Android Apps. In: Proceedings of the International Conference on Smart Internet of Things (SmartIoT). Jeju: IEEE, 237–244
17 Y WangJ ZhengC SunS (2013) Mukkamala. Quantitative security risk assessment of Android permissions and applications. In: Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy. Newark, NJ: Springer, 226–241
18 Z Wu, X Chen, S U J Lee, (2021). FCDP: Fidelity calculation for description-to-permissions in Android Apps. IEEE Access, 9: 1062–1075
https://doi.org/10.1109/ACCESS.2020.3047019
19 X H Zhang, Y Zhang, M Zhong, D Z Ding, Y Z Cao, Y K Zhang, M Zhang, M Yang, (2020). Enhancing state-of-the-art classifiers with API semantics to detect evolved Android malware. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 757–770
20 Y L Zhang, Y J Zhou, (2019). Review of clustering algorithms. Journal of Computer Applications, 39( 7): 1869–1882
21 M J Zhu, Q Q Ye, X F Meng, X Yang, (2021). Privacy risk quantification of mobile application based on requested permissions. Scientia Sinica (Informationis), 51( 7): 1100–1115
https://doi.org/10.1360/SSI-2020-0039
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed