Mobile App Privacy Analysis

EasyChair Preprint no. 11290

Abstract

In this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead, it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguishing for instance between apps relying on particular permissions to deliver their core functionality and apps requesting these permissions to share information with advertising networks or social networks. Using privacy preferences that reflect people’s comfort with the purpose for which different apps request their permissions, we use clustering techniques to identify privacy profiles.  A major contribution of this work is to show that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences.

Keyphrases: Android KeyStore, Android Studio, data collection, dynamic analysis, Firebase Crashlytics, MobSF, Privacy, static analysis, Vulnerabilities

@Booklet{EasyChair:11290,
  author = {Vivek Reddy and Madhusudhan Reddy and Chaitanya Kumar Reddy and S Vikas},
  title = {Mobile App Privacy Analysis},
  howpublished = {EasyChair Preprint no. 11290},

  year = {EasyChair, 2023}}