- Award ID(s):
- 1850054
- PAR ID:
- 10353977
- Date Published:
- Journal Name:
- ICISSP 2022
- Page Range / eLocation ID:
- 154 to 164
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
Kim, JH. ; Singh, M. ; Khan, J. ; Tiwary, U.S. ; Sur, M. ; Singh, D. (Ed.)Cyberattacks and malware infestation are issues that surround most operating systems (OS) these days. In smartphones, Android OS is more susceptible to malware infection. Although Android has introduced several mechanisms to avoid cyberattacks, including Google Play Protect, dynamic permissions, and sign-in control notifications, cyberattacks on Android-based phones are prevalent and continuously increasing. Most malware apps use critical permissions to access resources and data to compromise smartphone security. One of the key reasons behind this is the lack of knowledge for the usage of permissions in users. In this paper, we introduce Permission-Educator, a cloud-based service to educate users about the permissions associated with the installed apps in an Android-based smartphone. We developed an Android app as a client that allows users to categorize the installed apps on their smartphones as system or store apps. The user can learn about permissions for a specific app and identify the app as benign or malware through the interaction of the client app with the cloud service. We integrated the service with a web server that facilitates users to upload any Android application package file, i.e. apk, to extract information regarding the Android app and display it to the user.more » « less
-
Insecure data storage may open a door to malicious malware to steal users' and system sensitive information. These problems may due to developer negligence or lack of security knowledge. Android developers use various storage methods to store data. However, Attackers have attacked these vulnerable data storage. Although the developers have modified the apps after knowing the vulnerability, the user's personal information has been leaked and caused serious consequences. As a result, instead of patching and fixing the vulnerability, we should conduct proactive control for secure Android data storage. In this paper, we analyzed Android external storage vulnerability and discussed the prevention solutions to prevent sensitive information in external storage from disclosure.more » « less
-
Consent-based searches are by far the most ubiquitous form of search undertaken by police. A key legal inquiry in these cases is whether consent was granted voluntarily. This Essay suggests that fact finders’ assessments of voluntariness are likely to be impaired by a systematic bias in social perception. Fact finders are likely to underappreciate the degree to which suspects feel pressure to comply with police officers’ requests to perform searches. In two preregistered laboratory studies, we approached a total of 209 participants (“Experiencers”) with a highly intrusive request: to unlock their password-protected smartphones and hand them over to an experimenter to search through while they waited in another room. A separate 194 participants (“Forecasters”) were brought into the lab and asked whether a reasonable person would agree to the same request if hypothetically approached by the same researcher. Both groups then reported how free they felt, or would feel, to refuse the request. Study 1 found that whereas most Forecasters believed a reasonable person would refuse the experimenter’s request, most Experiencers—100 out of 103 people—promptly unlocked their phones and handed them over. Moreover, Experiencers reported feeling significantly less free to refuse than did Forecasters contemplating the same situation hypothetically. Study 2 tested an intervention modeled after a commonly proposed reform of consent searches, in which the experimenter explicitly advises participants that they have the right to withhold consent. We found that this advisory did not significantly reduce compliance rates or make Experiencers feel more free to say no. At the same time, the gap between Experiencers and Forecasters remained significant. These findings suggest that decision makers judging the voluntariness of consent consistently underestimate the pressure to comply with intrusive requests. This is problematic because it indicates that a key justification for suspicionless consent searches—that they are voluntary—relies on an assessment that is subject to bias. The results thus provide support to critics who would like to see consent searches banned or curtailed, as they have been in several states. The results also suggest that a popular reform proposal—requiring police to advise citizens of their right to refuse consent—may have little effect. This corroborates previous observational studies that find negligible effects of Miranda warnings on confession rates among interrogees, and little change in rates of consent once police start notifying motorists of their right to refuse vehicle searches. We suggest that these warnings are ineffective because they fail to address the psychology of compliance. The reason people comply with police, we contend, is social, not informational. The social demands of police-citizen interactions persist even when people are informed of their rights. It is time to abandon the myth that notifying people of their rights makes them feel empowered to exercise those rights.more » « less
-
Abstract This study presents an initial framework describing factors that could affect respondents’ decisions to link their survey data with their public Twitter data. It also investigates two types of factors, those related to the individual and to the design of the consent request. Individual-level factors include respondents’ attitudes towards helpful behaviours, privacy concerns and social media engagement patterns. The design factor focuses on the position of the consent request within the interview. These investigations were conducted using data that was collected from a web survey on a sample of Twitter users selected from an adult online probability panel in the United States. The sample was randomly divided into two groups, those who received the consent to link request at the beginning of the survey, and others who received the request towards the end of the survey. Privacy concerns, measures of social media engagement and consent request placement were all found to be related to consent to link. The findings have important implications for designing future studies that aim at linking social media data with survey data.
-
In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it.more » « less