Enhancing mobile user privacy through a context aware permission model

The pervasive use of mobile devices has fueled the growth of mobile applications, many of which demand access to sensitive user data and system resources. This raises significant privacy concerns, particularly as current permission models often lack flexibility and user awareness. This Thesis introduces SCoPe, a novel Android permission model designed to enhance privacy through a proactive, context-aware, and user-centered approach. SCoPe addresses the limitations of static permission systems by incorporating dynamic privacy notifications and context-sensitive permission controls. Using RPCDroid, our developed tool, we analyzed how Android apps misuse permissions, often accessing sensitive data unknowingly to users. Our study on Privacy Indicators (PI) in Android 12 revealed their limited efficacy, prompting further investigation into PI designs via eye-tracking technology to assess user attention and perception. SCoPe, leveraging these insights, tracks user interactions and correlates them with permission accesses, allowing permissions to be granted on a per-feature basis and minimizing user interruptions. Our evaluation shows SCoPe's high accuracy in context recognition and its ability to reduce "warning fatigue" by limiting authorizations to new contexts. Additionally, we incorporated AI through LLMs, specifically GPT-4, to analyze app interfaces and assess permission requests, which showed significant promise in enhancing mobile security and privacy.