1 / 8

User-Centric Permissions for Mobile Devices

User-Centric Permissions for Mobile Devices. Serge Egelman UC Berkeley. Making security usable. Current problems: 1. Unnecessary interactions habituate users 2. Users are asked to make decisions they are unqualified to make. Hazard Avoidance. Suggestions for Mobile Permissions.

lamond
Download Presentation

User-Centric Permissions for Mobile Devices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. User-Centric Permissions for Mobile Devices Serge Egelman UC Berkeley

  2. Making security usable Current problems: 1. Unnecessary interactions habituate users 2. Users are asked to make decisions they are unqualified to make Hazard Avoidance

  3. Suggestions for Mobile Permissions Many were habituated—too many requests Only prompt when necessary Many were unaware—too late in the process Provide information earlier Understanding requires knowing all permissions Narrow list of possible permissions A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. In Proceedings of the 2012 Symposium on Usable Privacy and Security (SOUPS). Best Paper Award!

  4. There can be only one?

  5. Permission-granting mechanisms What are the pros/cons of the various ways of asking for permission? Previous study looked at install-time warnings, what about other mechanisms? (Applicable to more than just on smartphones.)

  6. Flowchart A. P. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner. How to Ask for Permission. Proceedings of the USENIX Workshop on Hot Topics in Computer Security (HotSec), 2012.

  7. Impact on status quo Of the 83 permissions… Potential to dramatically reduce unnecessary interactions! Caveat: this does not reflect frequency of use.

  8. Future Work Human subjects experiments to… …improve warnings, when they’re needed …create better audit/notification mechanisms …validate the system

More Related