Securacy: An empirical investigation of android applications' network usage, privacy and security

Denzil Ferreira; Vassilis Kostakos; Alastair R. Beresford; Janne Lindqvist; Anind K. Dey

doi:10.1145/2766498.2766506

Securacy: An empirical investigation of android applications' network usage, privacy and security

Denzil Ferreira
, Vassilis Kostakos
, Alastair R. Beresford
, Janne Lindqvist
, Anind K. Dey

School of Engineering, Electrical & Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

47 Scopus citations

Abstract

Smartphone users do not fully know what their apps do. For example, an applications' network usage and underlying security configuration is invisible to users. In this paper we introduce Securacy, a mobile app that explores users' privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. Our app provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.

Original language	English (US)
Title of host publication	Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
Publisher	Association for Computing Machinery, Inc
ISBN (Electronic)	9781450336239
DOIs	https://doi.org/10.1145/2766498.2766506
State	Published - Jun 22 2015
Event	8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015 - New York, United States Duration: Jun 22 2015 → Jun 26 2015

Publication series

Name	Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

Other

Other	8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015
Country/Territory	United States
City	New York
Period	6/22/15 → 6/26/15

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Computer Networks and Communications

Keywords

Applications
Context
Experience sampling
Network
Privacy

Access to Document

10.1145/2766498.2766506

Cite this

Ferreira, D., Kostakos, V., Beresford, A. R., Lindqvist, J., & Dey, A. K. (2015). Securacy: An empirical investigation of android applications' network usage, privacy and security. In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015 Article a11 (Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2766498.2766506

Ferreira, Denzil ; Kostakos, Vassilis ; Beresford, Alastair R. et al. / Securacy : An empirical investigation of android applications' network usage, privacy and security. Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015. Association for Computing Machinery, Inc, 2015. (Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015).

@inproceedings{120ddf5a4de94a2fab31cecc368522e2,

title = "Securacy: An empirical investigation of android applications' network usage, privacy and security",

abstract = "Smartphone users do not fully know what their apps do. For example, an applications' network usage and underlying security configuration is invisible to users. In this paper we introduce Securacy, a mobile app that explores users' privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4\%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. Our app provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.",

keywords = "Applications, Context, Experience sampling, Network, Privacy",

author = "Denzil Ferreira and Vassilis Kostakos and Beresford, \{Alastair R.\} and Janne Lindqvist and Dey, \{Anind K.\}",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015 ; Conference date: 22-06-2015 Through 26-06-2015",

year = "2015",

month = jun,

day = "22",

doi = "10.1145/2766498.2766506",

language = "English (US)",

series = "Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015",

publisher = "Association for Computing Machinery, Inc",

booktitle = "Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015",

}

Ferreira, D, Kostakos, V, Beresford, AR, Lindqvist, J & Dey, AK 2015, Securacy: An empirical investigation of android applications' network usage, privacy and security. in Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015., a11, Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015, Association for Computing Machinery, Inc, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015, New York, United States, 6/22/15. https://doi.org/10.1145/2766498.2766506

Securacy: An empirical investigation of android applications' network usage, privacy and security. / Ferreira, Denzil; Kostakos, Vassilis; Beresford, Alastair R. et al.
Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015. Association for Computing Machinery, Inc, 2015. a11 (Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Securacy

T2 - 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

AU - Ferreira, Denzil

AU - Kostakos, Vassilis

AU - Beresford, Alastair R.

AU - Lindqvist, Janne

AU - Dey, Anind K.

PY - 2015/6/22

Y1 - 2015/6/22

N2 - Smartphone users do not fully know what their apps do. For example, an applications' network usage and underlying security configuration is invisible to users. In this paper we introduce Securacy, a mobile app that explores users' privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. Our app provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.

AB - Smartphone users do not fully know what their apps do. For example, an applications' network usage and underlying security configuration is invisible to users. In this paper we introduce Securacy, a mobile app that explores users' privacy and security concerns with Android apps. Securacy takes a reactive, personalized approach, highlighting app permission settings that the user has previously stated are concerning, and provides feedback on the use of secure and insecure network communication for each app. We began our design of Securacy by conducting a literature review and in-depth interviews with 30 participants to understand their concerns. We used this knowledge to build Securacy and evaluated its use by another set of 218 anonymous participants who installed the application from the Google Play store. Our results show that access to address book information is by far the biggest privacy concern. Over half (56.4%) of the connections made by apps are insecure, and the destination of the majority of network traffic is North America, regardless of the location of the user. Our app provides unprecedented insight into Android applications' communications behavior globally, indicating that the majority of apps currently use insecure network connections.

KW - Applications

KW - Context

KW - Experience sampling

KW - Network

KW - Privacy

UR - https://www.scopus.com/pages/publications/84962016918

UR - https://www.scopus.com/pages/publications/84962016918#tab=citedBy

U2 - 10.1145/2766498.2766506

DO - 10.1145/2766498.2766506

M3 - Conference contribution

AN - SCOPUS:84962016918

T3 - Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

BT - Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

PB - Association for Computing Machinery, Inc

Y2 - 22 June 2015 through 26 June 2015

ER -

Ferreira D, Kostakos V, Beresford AR, Lindqvist J, Dey AK. Securacy: An empirical investigation of android applications' network usage, privacy and security. In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015. Association for Computing Machinery, Inc. 2015. a11. (Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015). doi: 10.1145/2766498.2766506

Securacy: An empirical investigation of android applications' network usage, privacy and security

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this