Privacy Guard is an Android app that evaluates the risks to data privacy based on the permissions requested by the apps installed on a device. Mobile devices collect a large volume of personal information that could be used for malicious purposes by adversaries. In order to increase users' awareness of the possibility of data leakage and the importance of protecting personal data stored in smartphones, we developed 'Privacy Guard'. Privacy Guard was developed at Iswatlab, the cyber security lab of the Department of Engineering of the University of Sannio (Italy), from an idea of and under the supervision of Corrado Aaron Visaggio, who is responsible for the lab, and by: Antonio Altieri, Fabrizio Giorgione, Alfredo Nazzaro, and Assunta Oropallo.

On the basis of our studies on malicious apps that exfiltrate sensitive data, we found out that both trusted apps and malicious apps take a lot of sensitive data. Such data can then be used for different purposes that produce revenue for the adversary who obtained it: to sell the user's profile to a third party for marketing purposes, to feed OSINT platforms, to carry out identity theft, or to accomplish frauds and scams. The point is that the user grants the permissions that allow the data exfiltration when she installs the application on the device. The core problem is that the common user completely ignores the kind of permissions that are granted and, what is more severe, ignores the risk to which a certain combination of permissions exposes her privacy. If an app requires the permission to send SMS and the permission to read contacts, SMS, and some other personally identifiable information stored in the device, it exposes the user to the possibility that the app sends that sensitive information to a third party by SMS. Relying on such observations, we created a model that identifies which apps have the most dangerous combination of permissions for data privacy. It is important to remark that Privacy Guard does not evaluate whether a data exfiltration happens on a device; it just identifies those apps which require a combination of permissions that can be a strong indicator of activities that affect data privacy preservation. Privacy Guard is intended first to monitor the potential risks to a user's data privacy and, as a second aim, to stimulate and increase the user's awareness of the kind of apps she installs on her device, from a security perspective.

Let's now look at how Privacy Guard works. Permissions have been grouped into categories and each permission has been assigned a score, ranging from 1 to 10, to describe its dangerousness. The permissions have been divided into four categories:

- Hardware permissions: every permission which requests direct access to a hardware device.
- Data access permissions: every permission which requests direct access to data stored on the device.
- Communication permissions: every permission which gives the chance to send information either over a network or to another device.
- System permissions: every permission which can be requested only by system applications.

To compute a value representing applications' data leakage capabilities, the following formula has been developed:

- Hn: the normalized sum of the hardware permissions' scores requested by an application.
- Dn: the normalized sum of the data permissions' scores requested by an application.
- MAX(C): the maximum value among the communication permissions requested by an application.
- Wh: weight assigned to hardware permissions. After empirical considerations, it has been assigned the value 3.
- Wd: weight assigned to data permissions. After empirical considerations, it has been assigned the value 7.

However, (1) is not enough to represent the data leakage capabilities of applications: some permissions are far more dangerous if used in combination with other permissions. In order to take this into account, the hardware and data access categories have been divided into sub-categories:

- Change hardware configuration
- Personal data access

The communication permissions have been divided considering range and bandwidth. Every combination of these subcategories was considered, assigning a score, ranging from 1 to 10, to each combination. These values act as a penalty to the base score.
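The following is an added example, not Privacy Guard's own code: it computes the terms Hn, Dn and MAX(C) for an app's requested permissions and lists every data-access permission held together with a communication permission, such as reading contacts plus sending SMS. The permission-to-category mapping, the scores, the normalization (division by the category's maximum sum) and the sample apps are assumptions constructed for illustration. The terms are not combined into a final score because the article's formula is not reproduced here.

```python
# Added example: categories follow the article; the scores and the
# permission-to-category mapping below are constructed for illustration.
P = "android.permission."
TABLE = {
    P + "CAMERA": ("hardware", 6),
    P + "RECORD_AUDIO": ("hardware", 7),
    P + "READ_CONTACTS": ("data", 8),
    P + "READ_SMS": ("data", 9),
    P + "READ_CALENDAR": ("data", 5),
    P + "SEND_SMS": ("communication", 8),
    P + "INTERNET": ("communication", 10),
    P + "BLUETOOTH": ("communication", 4),
}

def _scores(perms, category):
    return [TABLE[p][1] for p in perms if p in TABLE and TABLE[p][0] == category]

def components(perms):
    """Return Hn, Dn and MAX(C) for one app's requested permissions.

    Assumption: "normalized" means divided by the category's maximum
    possible sum in TABLE, giving a value in [0, 1].
    """
    out = {}
    for key, cat in (("Hn", "hardware"), ("Dn", "data")):
        total = sum(s for c, s in TABLE.values() if c == cat)
        out[key] = sum(_scores(perms, cat)) / total
    out["MAX(C)"] = max(_scores(perms, "communication"), default=0)
    return out

def exfil_pairs(perms):
    """Pairs of (data permission, communication permission) held together."""
    data = sorted(p for p in perms if TABLE.get(p, ("",))[0] == "data")
    comm = sorted(p for p in perms if TABLE.get(p, ("",))[0] == "communication")
    return [(d[len(P):], c[len(P):]) for d in data for c in comm]

# Constructed sample apps (hypothetical package names)
APPS = {
    "com.example.flashlight": [P + "CAMERA"],
    "com.example.smsbackup": [P + "READ_CONTACTS", P + "READ_SMS", P + "SEND_SMS"],
}

def report(apps):
    return {name: (components(p), exfil_pairs(p)) for name, p in apps.items()}

if __name__ == "__main__":
    for name, (comp, pairs) in report(APPS).items():
        print(name, comp, pairs)
```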