There are Many Apps for That: Quantifying the Availability of Privacy-Preserving Apps
Publication Date
2017-07-18
Journal Title
WiSec '17 Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Conference Name
ACM Conference on Security and Privacy in Wireless and Mobile Networks 2017
Publisher
Association for Computing Machinery
Pages
247-252
Language
English
Type
Conference Object
This Version
AM
Citation
Taylor, V., Beresford, A. R., & Martinovic, I. (2017). There are Many Apps for That: Quantifying the Availability of Privacy-Preserving Apps. WiSec '17 Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 247-252. https://doi.org/10.1145/3098243.3098266
Abstract
The adage "there's an app for that" holds true in modern app stores. Indeed, app stores usually go further and provide multiple apps with very similar functionality; examples range from flashlight apps to alarm clocks. We call these functionally-similar apps. When searching for these apps, users are often presented with a vast array of choices, but no distinction is made in the user interface to highlight the relative privacy risks inherent in choosing one app over another. Yet the availability of many functionally-similar apps raises the question of whether some apps are significantly less invasive than others. In this paper, we take several steps toward answering this question. We begin by enumerating 2 500 groups of functionally-similar apps in the Google Play Store. Within groups of apps, we use static analysis to understand the real-world risks coming from apps with aggressive permission usage. By leveraging an established ranking system, and combining it with real-world data from over 28 000 Android devices, we quantify the improvements that can be made if users installed apps with privacy in mind. We observe that at least 25.6% of apps contain libraries that gratuitously exploit available permissions and find that 43.5% of apps could be swapped for comparable alternatives that require fewer permissions. Permissions saved may deliver important privacy and security improvements, including preventing access to the calendar (in 24% of cases), sending text messages (12%) and recording audio (8%). This is particularly important for apps which embed third-party libraries, since library code executes with the same permissions as the app itself.
Sponsorship
Vincent F. Taylor is supported by a Rhodes Scholarship and EPSRC. Alastair R. Beresford is partly supported by EPSRC [grant number EP/M020320/1] and The Boeing Company. The Device Analyzer project was partly funded by a Google Focused Research Award.
Funder references
EPSRC (EP/M020320/1)
Identifiers
External DOI: https://doi.org/10.1145/3098243.3098266
This record's URL: https://www.repository.cam.ac.uk/handle/1810/266673
Rights
Licence:
http://www.rioxx.net/licenses/all-rights-reserved