A human oriented Privacy Impact Metric for mobile apps

Abstract

Android is the operating system with the largest presence on mobile devices. The permissions mechanism is used to grant or restrict the access of applications to the device’s data and resources. Applications request permission to access them and users decide whether to grant or deny them. Our proposal is to obtain a permissions-based metric, easy to use for device owners, to provide them with guidance on the risk to their privacy that they assume when they install an app on their device and how to minimize this risk. A distinctive feature compared to other proposals is that we use permission groups as one of the parameters. These permission groups express concepts that are more accessible to any type of user than individual permissions and are what users can actually act on. This has the advantage of being easier for users to understand. To facilitate its use, we have developed a service that allows you to consult it, but also to perform simulations to check how granting or denying each group of permissions requested by an application affects before making decisions and taking risks on the device itself. We thus introduce the criterion of usability, which allows us to obtain a more human technology, available to empowered users.