Title: COMPUTER SECURITY - ESORICS 2022, PT I Search for Conference Proceedings Publications

Pages: 153-172

27th European Symposium on Research in Computer Security (ESORICS)

Tech Univ Denmark, Copenhagen, DENMARK, SEP 26-30, 2022

ISI Web of Knowledge - 4 Citations

Scopus - 4 Citations

Authenticus ID: P-00X-DTZ

DOI: 10.1007/978-3-031-17140-6_8

Abstract (EN): The multitude of applications and security configurations of mobile devices requires automated approaches for effective user privacy protection. Current permission managers, the core mechanism for privacy protection in smartphones, have shown to be ineffective by failing to account for privacy's contextual dependency and personal preferences within context. In this paper we focus on the relation between privacy decisions (e.g. grant or deny a permission request) and their surrounding context, through an analysis of a real world dataset obtained in campaigns with 93 users. We leverage such findings and the collected data to develop methods for automated, personalized and context-aware privacy protection, so as to predict users' preferences with respect to permission requests. Our analysis reveals that while contextual features have some relevance in privacy decisions, the increase in prediction performance of using such features is minimal, since two features alone are capable of capturing a relevant effect of context changes, namely the category of the requesting application and the requested permission. Our methods for prediction of privacy preferences achieved an F1 score of 0.88, while reducing the number of privacy violations by 28% when compared to the standard Android permission manager.

Language: English

Type (Professor's evaluation): Scientific

No. of pages: 20