DocumentCode :
2047347
Title :
Privacy policies change management for smartphones
Author :
Biswas, Debmalya
Author_Institution :
Nokia Res. Center, Lausanne, Switzerland
fYear :
2012
fDate :
19-23 March 2012
Firstpage :
70
Lastpage :
75
Abstract :
The ever increasing popularity of apps stems from their ability to provide highly customized services for the user. The flip side is that to provide such customized services, apps need access to very sensitive personal user information. This has led to a lot of rogue apps that e.g. pass personal information to 3rd party Ad servers in the background. Studies have shown that current app vetting processes which are mainly restricted to install time verification mechanisms are incapable of detecting and preventing such attacks. We argue that the missing fundamental aspect here is the inability to capture and control runtime characteristics of apps, e.g. we need to know not only the list of sensors that need to be accessed by an app but also their frequency of access. This leads to the need for an expressive policy language that in addition to the list of sensors, also allows specifying when, where and how frequently can they be accessed. An expressive policy language has the disadvantage of making the task of an average user more difficult in setting and analyzing the consequences of his privacy settings. Further, privacy polices evolve over time. Over time, users are likely to change their privacy settings, as a response to a recently discovered vulnerability, or to be able to install that “much desired” app, etc. Such a policy change affects both already installed (may no longer be compliant) and previously rejected apps (may be compliant now). In this paper, we propose an integrated privacy add-on that (i) compares the apps profiles vs. user´s privacy settings, outlining the points of conflict as well as the different ways in which they can be resolved. And (ii) provides efficient change management with respect to any changes in user privacy settings.
Keywords :
data privacy; management of change; smart phones; install time verification mechanisms; integrated privacy add-on; privacy policy change management; privacy policy language; rogue smart phone application; run-time smart phone application characteristics; service customization; smart phone application profiles; smart phone application vetting processes; user personal information; user privacy settings; Access control; Global Positioning System; Privacy; Sensor phenomena and characterization; Smart phones; Timing; Conflict detection; Policy evolution; Privacy policies; Smartphone apps/services;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012 IEEE International Conference on
Conference_Location :
Lugano
Print_ISBN :
978-1-4673-0905-9
Electronic_ISBN :
978-1-4673-0906-6
Type :
conf
DOI :
10.1109/PerComW.2012.6197606
Filename :
6197606
Link To Document :
بازگشت