Associated Risks in Mobile Applications Permissions

Mohammed Al Jutail, M. Al-Akhras, Abdulaziz A. Albesher
{"title":"Associated Risks in Mobile Applications Permissions","authors":"Mohammed Al Jutail, M. Al-Akhras, Abdulaziz A. Albesher","doi":"10.4236/JIS.2019.102004","DOIUrl":null,"url":null,"abstract":"Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"信息安全(英文)","FirstCategoryId":"1093","ListUrlMain":"https://doi.org/10.4236/JIS.2019.102004","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
移动应用程序权限中的相关风险
攻击者利用Android等移动操作系统的移动应用权限,通过授予应用权限来影响用户的隐私。本研究基于谷歌对危险权限的分类,将权限分为三组。第一组包含可以访问用户的私人数据的权限,例如读取呼叫记录。第二组包含修改用户数据的权限,例如修改联系人中的号码。第三组包含剩余的权限,可以跟踪位置,使用麦克风和其他可以监视用户的敏感问题。这项研究得到了一项研究的支持,该研究对沙特阿拉伯的100名参与者进行了调查,以显示用户对移动应用程序权限相关风险的认识水平。还分析了所收集数据之间的关联。这项研究除了开发新的移动应用程序外,还提供了最佳实践,以帮助用户确定应用程序是否可以安全安装和使用,从而填补了用户意识上的空白。这个应用程序被称为“麻雀”,可在b谷歌Play商店。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
211
期刊最新文献
Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques Research and Practice on High Availability Scheme of Unified Identity Authentication System Based on CAS in Colleges and Universities Learning with Errors Public Key Cryptosystem with Its Security User Station Security Protection Method Based on Random Domain Name Detection and Active Defense Towards a New Model for the Production of Civil Status Records Using Blockchain
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1