Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy

Duc Cuong Nguyen, Erik Derr, M. Backes, Sven Bugiel
{"title":"Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy","authors":"Duc Cuong Nguyen, Erik Derr, M. Backes, Sven Bugiel","doi":"10.1109/SP.2019.00012","DOIUrl":null,"url":null,"abstract":"Application markets streamline the end-users’ task of finding and installing applications. They also form an immediate communication channel between app developers and their end-users in form of app reviews, which allow users to provide developers feedback on their apps. However, it is unclear to which extent users employ this channel to point out their security and privacy concerns about apps, about which aspects of apps users express concerns, and how developers react to such security- and privacy-related reviews. In this paper, we present the first study of the relationship between end-user reviews and security- & privacy-related changes in apps. Using natural language processing on 4.5M user reviews for the top 2,583 apps in Google Play, we identified 5,527 security and privacy relevant reviews (SPR). For each app version mentioned in the SPR, we use static code analysis to extract permission-protected features mentioned in the reviews. We successfully mapped SPRs to privacy-related changes in app updates in 60.77% of all cases. Using exploratory data analysis and regression analysis we are able to show that preceding SPR are a significant factor for predicting privacy-related app updates, indicating that user reviews in fact lead to privacy improvements of apps. Our results further show that apps that adopt runtime permissions receive a significantly higher number of SPR, showing that runtime permissions put privacy-jeopardizing actions better into users’ minds. Further, we can attribute about half of all privacy-relevant app changes exclusively to third-party library code. This hints at larger problems for app developers to adhere to users’ privacy expectations and markets’ privacy regulations. Our results make a call for action to make app behavior more transparent to users in order to leverage their reviews in creating incentives for developers to adhere to security and privacy best practices, while our results call at the same time for better tools to support app developers in this endeavor.","PeriodicalId":272713,"journal":{"name":"2019 IEEE Symposium on Security and Privacy (SP)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2019.00012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 41

Abstract

Application markets streamline the end-users’ task of finding and installing applications. They also form an immediate communication channel between app developers and their end-users in form of app reviews, which allow users to provide developers feedback on their apps. However, it is unclear to which extent users employ this channel to point out their security and privacy concerns about apps, about which aspects of apps users express concerns, and how developers react to such security- and privacy-related reviews. In this paper, we present the first study of the relationship between end-user reviews and security- & privacy-related changes in apps. Using natural language processing on 4.5M user reviews for the top 2,583 apps in Google Play, we identified 5,527 security and privacy relevant reviews (SPR). For each app version mentioned in the SPR, we use static code analysis to extract permission-protected features mentioned in the reviews. We successfully mapped SPRs to privacy-related changes in app updates in 60.77% of all cases. Using exploratory data analysis and regression analysis we are able to show that preceding SPR are a significant factor for predicting privacy-related app updates, indicating that user reviews in fact lead to privacy improvements of apps. Our results further show that apps that adopt runtime permissions receive a significantly higher number of SPR, showing that runtime permissions put privacy-jeopardizing actions better into users’ minds. Further, we can attribute about half of all privacy-relevant app changes exclusively to third-party library code. This hints at larger problems for app developers to adhere to users’ privacy expectations and markets’ privacy regulations. Our results make a call for action to make app behavior more transparent to users in order to leverage their reviews in creating incentives for developers to adhere to security and privacy best practices, while our results call at the same time for better tools to support app developers in this endeavor.
短文本,大效应:衡量用户评论对Android应用安全和隐私的影响
应用程序市场简化了最终用户查找和安装应用程序的任务。它们还以应用评论的形式在应用开发者和终端用户之间形成即时沟通渠道,允许用户向开发者提供有关应用的反馈。然而,目前尚不清楚用户在多大程度上利用这个渠道指出他们对应用程序的安全和隐私问题,用户对应用程序的哪些方面表示担忧,以及开发人员对这些与安全和隐私相关的评论有何反应。在本文中,我们提出了最终用户评论与应用程序中安全和隐私相关变化之间关系的第一个研究。通过自然语言处理Google Play中排名前2583的450万用户评论,我们确定了5527条安全和隐私相关评论(SPR)。对于SPR中提到的每个应用版本,我们使用静态代码分析来提取评论中提到的权限保护功能。在60.77%的案例中,我们成功地将SPRs映射到应用更新中与隐私相关的变化。通过探索性数据分析和回归分析,我们能够表明,之前的SPR是预测隐私相关应用更新的重要因素,这表明用户评论实际上导致了应用的隐私改进。我们的研究结果进一步表明,采用运行时权限的应用程序获得了更高数量的SPR,这表明运行时权限更能让用户意识到隐私危害行为。此外,我们可以将大约一半与隐私相关的应用程序更改专门归因于第三方库代码。这暗示了应用程序开发者在遵守用户隐私期望和市场隐私法规方面面临的更大问题。我们的研究结果呼吁采取行动,让应用程序的行为对用户更加透明,以便利用他们的评论来激励开发者坚持安全和隐私的最佳实践,同时我们的研究结果呼吁开发更好的工具来支持应用程序开发者在这方面的努力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信