ZTE Communications ›› 2016, Vol. 14 ›› Issue (S0): 37-43.doi: 10.3969/j.issn.1673-5188.2016.S0.003

• Special Topic • Previous Articles     Next Articles

Design and Implementation of Privacy Impact Assessment for Android Mobile Devices

CHEN Kuan-Lin, YANG Chung-Huang   

  1. Dept.Software Engineering and Management,National Kaohsiung Normal University,Kaohsiung,Taiwan 802,China
  • Received:2016-04-21 Online:2016-06-01 Published:2019-11-29
  • About author:CHEN Kuan-Lin (kuanlin81625@outlook.com) received the BS degree from National Pingtung University of Education in 2014. He is currently a master student at Department of Software Engineering and Management, National Kaohsiung Normal University. He is actively involved in mobile platform security.
    YANG Chung-Huang (chyang@nknu.edu.tw) has a PhD degree in computer engineering from the University of Louisiana at Lafayette in 1990. He is currently professor at the National Kaohsiung Normal University, distinguished professor at the Xi’an University of Posts and Telecommunications, and guest professor at the Xidian University. Previously, he was a software engineer at the RSA Data Security, Inc. (Redwood City, USA) in 1991, a postdoctoral fellow at the NTT Network Information Systems Laboratories (Yokosuka, Japan) in 1991-1993, and a project manager of the Information Security and Cryptology Project at the Telecommunication Laboratories, Chunghwa Telecom (Taiwan) in 1995-1997. For more details, please refer to http:// security.nknu.edu.tw/.
  • Supported by:
    This work was supported in part by the Ministry of Science and Technology of Taiwan,China under Grant No.MOST 102-2221-E-017-003-MY3

Abstract: There are a lot of personal information stored in our smartphones, for instance, contacts, messages, photos, banking credentials and social network access. Therefore, ensuring personal data safety is a critical research and practical issue. The objective of this paper is to evaluate the influence of personal data security and decrease the privacy risks in the Android system. We apply the concept of privacy impact assessment (PIA) to design a system, which identifies permission requirements of apps, detects the potential activities from the logger and analyses the configuration settings. The system provides a user-friendly interface for users to get in-depth knowledge of the impact of privacy risk, and it could run on Android devices without USB teleport and network connection to avoid other problems. Our research finds that many apps announce numerous unnecessary permissions, and the application installing confirmation dialog does not show all requirement permissions when apps are installed first time.

Key words: privacy impact assessment, privacy risk, personal information, Android permission, configuration settings