Certificate for Best Paper Award of the 2nd International Conference on HCI for Cybersecurity, Privacy and Trust
The award has been conferred to
Panagiotis Andriotis (University of the West of England, United Kingdom),
Atsuhiro Takasu (National Institute of Informatics, Japan)
for the paper entitled
"To Allow, or Deny? That is the Question"
Presented in the context of
HCI International 2020
19-24 July 2020
"The Android ecosystem is dynamic and diverse. Controls have been set in place to allow mobile device users to regulate exchanged data and restrict apps from accessing sensitive personal information and system resources. Modern versions of the operating system implement the run-time permission model which prompts users to allow access to protected resources the moment an app attempts to utilize them. It is assumed that, in general, the run-time permission model, compared to its predecessor, enhances users’ security awareness. In this paper we show that installed apps on Android devices are able to employ the systems’ public assets and extract users’ permission settings. Then we utilize permission data from 71 Android devices to create privacy profiles based on users’ interaction with permission dialogues initiated by the system during run-time. Therefore, we demonstrate that any installed app that runs on the foreground can perform an endemic live digital forensic analysis on the device and derive similar privacy profiles of the user. Moreover, focusing on the human factors of security, we show that although in theory users can control the resources they make accessible to apps, they eventually fail to successfully recall these settings, even for the apps that they regularly use. Finally, we briefly discuss our findings derived from a pen-and-paper exercise showcasing that users are more likely to allow apps to access their location data on contemporary mobile devices (running version Android 10)."
The full paper is available through SpringerLink, provided that you have proper access rights.