Download PDFOpen PDF in browserMobile App Privacy AnalysisEasyChair Preprint 1129014 pages•Date: November 14, 2023AbstractIn this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead, it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguishing for instance between apps relying on particular permissions to deliver their core functionality and apps requesting these permissions to share information with advertising networks or social networks. Using privacy preferences that reflect people’s comfort with the purpose for which different apps request their permissions, we use clustering techniques to identify privacy profiles. A major contribution of this work is to show that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences. Keyphrases: Android KeyStore, Android Studio, Firebase Crashlytics, MobSF, Privacy, Vulnerabilities, data collection, dynamic analysis, static analysis
|