Privacy risk assessment and users' awareness for mobile apps permissions

Abstract

Mobile applications have access to users' data. This raises a potential privacy concern since users' personal information is collected and revealed to third parties without their consent. In this paper we propose a proactive user-oriented approach towards users' awareness of the privacy risk involved with granting permissions to Android applications. We present a dynamic privacy scoring model that assesses the risk to users' privacy associated to an application which requires a set of permissions. The parameters of this model are the severity and the relative importance of permissions and their interactions. Severity is evaluated according to a standard severity assessment method. The relative importance is estimated according to an analytic method. An experimental study on a set of 64 applications has been conducted. Association rules between permissions have been identified by using a data mining algorithm.