Measuring privacy risk and implied consent in app permissions

Hack the permissions

1% of the code has 100% of the permissions. Occupy Kernel!

Suchana Seth

  • Open Web Fellow @ Data & Society
  • a physicist-turned-data scientist
  • volunteers with DataKind to mentor data-for-good projects
  • Currently working on "Ethics of big data"

Sid Rao

  • Open Web Fellow @ European Digital Rights (EDRi)
  • #FOSS #Crypto #Privacy #Security
  • Doctoral candidate @ Secure Systems Group, Aalto University
  • Currently working on "Metadata and Privacy", User tracking and "Why Copyright©?"
Know more about our Open Web Fellow cohort 2.0

What is this session about?

In this session

  • Know the Android app permissions better.
  • Capability of app permissions → Hidden infrastructure.
  • Know the privacy risks from the policies.
  • Contribute to the discussion of "quantifying privacy".
1. Know the background.
2. Some basic scripts.
3. Discuss the future.

Why?

Our motivation

1. Very (use)less information provided.

Example: Pokémon GO

Pokémon GO - Google Play Store

2. We don't understand the permissions.

Permissions are a real mess

Android App Manifest (App Manifest - Android Developer Guide).
  • Every application must have an AndroidManifest.xml file in its root directory.
  • <uses-permission /> is used when your application asks the user for permission to use some feature.
  • <permission /> is used when your application declares a permission of its own, so that other apps must ask the user before using that feature of yours.

More ways of granting permissions.

  1. <uses-permission-sdk-23> and <uses-sdk>
  2. <path-permission>
  3. <permission-group>
  4. <permission-tree>
  5. <grant-uri-permission>
  6. <uses-library>
  7. <uses-feature>
  8. Many more …
In total > 300 combinations.
(including access, feature, library, sdk, etc..)
List of all possible Android Permission combinations.

Before proceeding further...

Install the Node.js module

A module to scrape application data from the Google Play Store.
        npm install google-play-scraper

Get more details

       
       #  detail.js
        var gplay = require('google-play-scraper'); 
        gplay.app({appId: 'com.facebook.orca'}).then(console.log);
    searchjs

Verbose permission info

       
       #  permission.js 
        var gplay = require('google-play-scraper'); 
        gplay.permissions({appId: "com.facebook.orca"}).then(console.log);
        searchjs

3. Capabilities of permissions.

Example: Battery Statistics

{ permission: 'read battery statistics', description: 'Allows an application to read the current low-level battery use data. May allow the application to find out detailed information about which apps you use.' }

Just the battery permission.
No GPS or any other location permission needed!

What can just the battery statistics reveal?

Location tracking
Spies can track you just by watching your phone's power use!
Y. Michalevsky et al., USENIX 2015, "PowerSpy: Location Tracking using Mobile Device Power Analysis"

Solely the list of apps, and no further information!

What if someone knows which apps you use?

Your demographic details!
E. Malmi et al., arXiv preprint, "You Are What Apps You Use: Demographic Prediction Based on User's Apps"

Welcome to the horrible UX maze!

Developer tools

K. Fawaz et al., USENIX 2015, "Anatomization and Protection of Mobile Apps' Location Privacy Threats"

Let us take control.

Take control of your permissions


Activity Time

  • Open Settings. ✓
  • Click on Apps. ✓
  • Choose your favourite app. ✓
  • Click on Permissions. ✓
  • Tweak the permissions as per your privacy needs. ✓

Can we tweak more?

Little more tweaking…

Possibly yes!

Location Accuracy
  • At least you can fine-tune the accuracy of location.
  • Open Settings. ✓
  • Click on Location. ✓
  • Click on Mode. ✓
  • Remember: "GPS" is more than enough.

4. We don't read the privacy policies.

Some stats

  • Avg. number of apps used on a smartphone: 27.
  • But, avg. number of apps installed: 95.
  • Avg. length of a privacy policy: 2518 words.
  • Approximate time to read it: 10 mins.
  • Which means … 950 minutes (95 apps × 10 mins).
  • ~16 hours (or 2 work days) to read all the privacy policies!
Invisible Infrastructures: Mobile permissions, by Share Foundation.

How to quantify privacy

Privacy in theory


What are they?

  • Event-level privacy: protect any single access made by the user.
  • User-level privacy: ensure that the presence or absence of an individual within a database does not affect the privacy breaches for that individual.
  • Pan-privacy: maintain a private internal state in order to protect against internal intrusions.
  • Stochastic privacy: the concept of providing people with a guarantee that the probability that their personal data will be shared does not exceed a given bound.

Grading apps
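As an added example (not from the slides or from the google-play-scraper project), here is a small Node.js grader that takes the array resolved by gplay.permissions({appId}) shown earlier and maps each permission label to the capability it implies, including the indirect ones the slides describe (battery statistics giving away location, the app list giving away demographics). The capability table, its weights and the letter thresholds are assumptions for illustration.

```javascript
// Added example, not from the slides or from google-play-scraper.
// gplay.permissions({appId}) resolves to [{ permission, description }, ...];
// with { short: true } it resolves to plain label strings. Both are accepted.
// The capability table, weights and letter thresholds are assumptions.
const CAPABILITIES = [
  // [pattern matched against the permission label, implied capability, weight]
  [/precise location|approximate location/i, 'location', 3],
  // PowerSpy (Michalevsky et al., USENIX 2015): power use alone can reveal location.
  [/read battery statistics/i, 'location, inferable from power use', 2],
  // Malmi et al.: the list of apps you use predicts demographics.
  [/retrieve running apps/i, 'demographics, inferable from app list', 2],
  [/read your contacts/i, 'contacts', 2],
  [/read your text messages/i, 'messages', 3],
  [/record audio/i, 'microphone', 3],
  [/take pictures and videos/i, 'camera', 3],
  [/full network access/i, 'network, a channel to send data out', 1],
];

function letterGrade(score) {
  if (score <= 2) return 'A';
  if (score <= 5) return 'B';
  if (score <= 9) return 'C';
  return 'D';
}

function gradePermissions(perms) {
  const capabilities = new Set();
  let score = 0;
  for (const p of perms) {
    const label = typeof p === 'string' ? p : (p && p.permission) || '';
    for (const [re, cap, weight] of CAPABILITIES) {
      // Count each implied capability once, however many labels point at it.
      if (re.test(label) && !capabilities.has(cap)) {
        capabilities.add(cap);
        score += weight;
      }
    }
  }
  return { score, grade: letterGrade(score), capabilities: [...capabilities] };
}

// Constructed sample in the scraper's output shape (not a real scrape).
const SAMPLE_PERMISSIONS = [
  { permission: 'read battery statistics', description: 'Allows an application to read the current low-level battery use data.' },
  { permission: 'full network access', description: 'Allows the app to create network sockets.' },
  { permission: 'read your contacts', description: 'Allows the app to read data about your contacts.' },
];
console.log(gradePermissions(SAMPLE_PERMISSIONS));
```

In real use, replace the constructed sample with the value resolved by gplay.permissions({appId: '...'}) from the permission.js script above.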

Some tool suggestions

Explore using "Permission Explorer"

  • View by categories: which applications can access your location, contacts, calendar.
  • View by applications: which permissions are used by your applications.
  • View by permissions: which applications are using each permission.
Permission Explorer

Revoke permission using "xPrivacy"

xPrivacy
  • Restrict the categories of data an app can access.
  • "No Data" or "Fake Data".
  • P.S.: Needs the phone to be rooted.
xPrivacy Framework

Find privacy leaks using "ReCon"

ReCon Framework

Thanks

  • Suchana Seth
  • Ford-Mozilla Open Web Fellow
  • Twitter: @suchanaseth
Slides: https://sidtechnical.github.io/App-tite/