Security Engineering for Lifelong Evolvable Systems

PrimAndroid: privacy policy modelling and analysis for Android applications

TitlePrimAndroid: privacy policy modelling and analysis for Android applications
Publication TypeConference Paper
Year of Publication2011
AuthorsBenats, G., A. Bandara, Y. Yu, J. - N. Colin, and B. Nuseibeh
Conference NameIEEE International Symposium on Policies for Distributed Systems and Networks
Date PublishedJune
KeywordsAndroid security, mobile applications, policy conflicts, privacy policy, role-based access control

The rapid growth of mobile applications has imposed new threats to privacy: users often find it challenging to ensure that their privacy policies are consistent with the requirements of a diverse range of of mobile applications that access personal information under different contexts. This problem exacerbates when applications depend on each other and therefore share permissions to access resources in ways that are opaque to an end-user. To meet the needs of representing privacy requirements and of resolving dependencies issues in privacy policies, we propose an extension to the P-RBAC model for reasoning about plausible scenarios that can exploit such weaknesses of mobile systems. This work has been evaluated using the case studies on several Android mobile applications.