Enhancing trustability of android applications via flexible permissions

SCOCCIA, GIAN LUCA
2019

Abstract

Recent years have seen widespread global adoption of smart mobile devices, notably smartphones and tablets. Coupled with them is the even more explosive diffusion of mobile apps. The diffusion of such devices provides end users with previously unimaginable capabilities, and sensitive tasks such as purchasing products, managing bank accounts or keeping track of vital health information are now possible with just the flick of a finger. This increased reliance on smart mobile devices and apps is not without risks. They have unprecedented access to sensitive personal information that is increasingly collected and used by companies. To counteract this issue, the European Commission launched the Next Generation Internet (NGI) initiative, with the ultimate goal of ensuring the creation of an internet that respects human and societal values, privacy, participation and diversity. Privacy and Trust play a key role, as NGI will inherently contain technical capabilities to support the data sovereignty of the end user, who should have the authority to decide how and by whom her data are used. In this dissertation, we investigate how mobile apps can be made more in line with the NGI vision, shifting to a more human-centric approach to privacy protection by giving control back to the user. Specifically, focusing on the Android platform, we investigate existing issues in its current security- and privacy-preserving mechanisms that result in a negative impact on users’ trust in the whole platform. Building on the results of this investigation, we propose a new permissions model that gives end users more control over their personal data and, at the same time, provides a better understanding of how and why such data are used.
The contributions of this dissertation are: (i) an up-to-date map of the state of the art in static analysis of mobile apps, complete with an evaluation of the potential for industrial adoption; (ii) the identification of a number of existing issues in the current Android permissions system from the end user perspective; (iii) an empirical investigation on the introduction by developers of permissions-related issues in open-source Android apps, complete with a characterization of their frequency and decay time; (iv) the realization and evaluation of Android Flexible Permissions (AFP), a new flexible permissions model that empowers end users to specify and enact flexible permissions for Android apps.
9-Jul-2019
English
Gran Sasso Science Institute
Files in this item:
File: 2019_Scoccia.pdf
Access: open access
Size: 4.81 MB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/116432
The NBN code of this thesis is URN:NBN:IT:GSSI-116432