{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T23:54:39Z","timestamp":1767138879038,"version":"build-2238731810"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319070759","type":"print"},{"value":"9783319070766","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-07076-6_2","type":"book-chapter","created":{"date-parts":[[2014,7,9]],"date-time":"2014-07-09T01:42:43Z","timestamp":1404870163000},"page":"21-37","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Assessing Privacy Risks in Android: A User-Centric Approach"],"prefix":"10.1007","author":[{"given":"Alexios","family":"Mylonas","sequence":"first","affiliation":[]},{"given":"Marianthi","family":"Theoharidou","sequence":"additional","affiliation":[]},{"given":"Dimitris","family":"Gritzalis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,7,10]]},"reference":[{"key":"2_CR1","unstructured":"Office of the privacy commissioner of Canada privacy impact assessments (2007). http:\/\/www.tbs-sct.gc.ca\/pol\/doc-eng.aspx?id=18308"},{"key":"2_CR2","unstructured":"Methodology for privacy risk management (2012). http:\/\/www.cnil.fr\/fileadmin\/documents\/en\/CNIL-ManagingPrivacyRisks-Methodology.pdf"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Barrera, D., Kayacik, H., van Oorschot, P., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 73\u201384. ACM (2010)","DOI":"10.1145\/1866307.1866317"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th International Conference on Mobile Systems, Applications and Services, pp. 239\u2013252. ACM, New York (2011)","DOI":"10.1145\/1999995.2000018"},{"key":"2_CR5","unstructured":"Cluley, G.: First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo, November 2009. http:\/\/nakedsecurity.sophos.com\/2009\/11\/08\/iphone-worm-discovered-wallpaper-rick-astley-photo\/"},{"key":"2_CR6","unstructured":"Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1\u20136. USENIX Association, Berkeley (2010)"},{"key":"2_CR7","unstructured":"Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, pp. 21\u201321. USENIX Association, Berkeley (2011)"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Felt, A., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627\u2013638. ACM (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Felt, A., Egelman, S., Wagner, D.: I\u2019ve got 99 problems, but vibration ain\u2019t one: a survey of smartphone users\u2019 concerns. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33\u201344. ACM, New York (2012)","DOI":"10.1145\/2381934.2381943"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Felt, A., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the 8th Symposium on Usable Privacy and Security. ACM (2012)","DOI":"10.1145\/2335356.2335360"},{"key":"2_CR11","unstructured":"Felt, A., Hanna, S., Chin, E., Wang, H.J., Moshchuk, E.: Permission redelegation: attacks and defenses. In: 20th Usenix Security Symposium (2011)"},{"key":"2_CR12","unstructured":"Google: Android security overview, July 2013. http:\/\/source.android.com\/devices\/tech\/security\/index.html"},{"key":"2_CR13","unstructured":"Google: Dashboards - Android developers, July 2013. http:\/\/developer.android.com\/about\/dashboards\/index.html"},{"key":"2_CR14","unstructured":"Google: Privacy policies for android apps developed by third parties (2013). https:\/\/support.google.com\/googleplay\/answer\/2666094?hl=en"},{"key":"2_CR15","unstructured":"Google: Refs - platform\/frameworks\/base - git at google (2013). https:\/\/android.googlesource.com\/platform\/frameworks\/base\/+refs"},{"key":"2_CR16","unstructured":"Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock Android smartphones. In: Proceedings of the 19th Network and Distributed System Security Symposium (2012)"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Grace, M., Zhou, W., Jiang, X., Sadeghi, A.: Unsafe exposure analysis of mobile in-app advertisements. In: Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 101\u2013112. ACM (2012)","DOI":"10.1145\/2185448.2185464"},{"key":"2_CR18","unstructured":"ICO: Privacy impact assessment handbook, v2.0. Information Commissioner\u2019s Office, United Kingdom"},{"key":"2_CR19","unstructured":"Jiang, X.: An evaluation of the application (\u201capp\u201d) verification service in android 4.2, December 2012. http:\/\/www.cs.ncsu.edu\/faculty\/jiang\/appverify\/"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Lin, J., Sadeh, N., Amini, S., Lindqvist, J., Hong, J., Zhang, J.: Expectation and purpose: understanding users\u2019 mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 501\u2013510. ACM (2012)","DOI":"10.1145\/2370216.2370290"},{"key":"2_CR21","unstructured":"Marinos, L., Sfakianakis, A.: Enisa threat landscape. Technical report, ENISA (2012)"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D.: Smartphone security evaluation - the malware attack case. In: Proceedings of International Conference of Security and Cryptography, pp. 25\u201336 (2011)","DOI":"10.5220\/0003446800250036"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Mylonas, A., Gritzalis, D., Tsoumas, B., Apostolopoulos, T.: A qualitative metrics vector for the awareness of smartphone security users. In: 10th International Conference on Trust, Privacy & Security in Digital Business, pp. 173\u2013184 (2013)","DOI":"10.1007\/978-3-642-40343-9_15"},{"key":"2_CR24","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/j.cose.2012.11.004","volume":"34","author":"A Mylonas","year":"2013","unstructured":"Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47\u201366 (2013)","journal-title":"Comput. Secur."},{"key":"2_CR25","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1016\/j.cose.2013.03.007","volume":"38","author":"A Mylonas","year":"2013","unstructured":"Mylonas, A., Meletiadis, V., Mitrou, L., Gritzalis, D.: Smartphone sensor data as digital evidence. Comput. Secur. 38, 51\u201375 (2013)","journal-title":"Comput. Secur."},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: Android: privilege separation for applications and advertisers in android. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, pp. 71\u201372. ACM (2012)","DOI":"10.1145\/2414456.2414498"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 13\u201322. ACM (2012)","DOI":"10.1145\/2295136.2295141"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Souppaya, M., Scarfone, K.: Guidelines for managing the security of mobile devices in the enterprise. NIST, June 2013, NIST Special Publication 800\u2013124, rev. 1 (2013)","DOI":"10.6028\/NIST.SP.800-124r1"},{"key":"2_CR29","unstructured":"Stevens, R., Gibler, C., Crussell, J., Erickson, J., Chen, H.: Investigating user privacy in android ad libraries. In: Workshop on Mobile Security Technologies (2012)"},{"key":"2_CR30","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-642-30436-1_36","volume-title":"Information Security and Privacy Research","author":"M Theoharidou","year":"2012","unstructured":"Theoharidou, M., Mylonas, A., Gritzalis, D.: A risk assessment method for smartphones. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 443\u2013456. Springer, Heidelberg (2012)"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-642-39256-6_15","volume-title":"Data and Applications Security and Privacy XXVII","author":"Y Wang","year":"2013","unstructured":"Wang, Y., Zheng, J., Sun, C., Mukkamala, S.: Quantitative security risk assessment of android permissions and applications. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 226\u2013241. Springer, Heidelberg (2013)"},{"issue":"3","key":"2_CR32","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1016\/j.clsr.2008.03.003","volume":"24","author":"A Warren","year":"2008","unstructured":"Warren, A., Bayley, R., Bennett, C., Charlesworth, A., Clarke, R., Oppenheim, C.: Privacy impact assessments: international experience as a basis for UK guidance. Comput. Law Secur. Rev. 24(3), 233\u2013242 (2008)","journal-title":"Comput. Law Secur. Rev."},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, pp. 95\u2013109. IEEE Computer Society (2012)","DOI":"10.1109\/SP.2012.16"},{"issue":"1","key":"2_CR34","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1108\/09685220410518801","volume":"12","author":"D Gritzalis","year":"2004","unstructured":"Gritzalis, D.: Embedding privacy in IT applications development. Inf. Manag. Comput. Secur. 12(1), 8\u201326 (2004)","journal-title":"Inf. Manag. Comput. Secur."},{"issue":"4","key":"2_CR35","doi-asserted-by":"publisher","first-page":"309","DOI":"10.3109\/14639239809025367","volume":"23","author":"D Gritzalis","year":"1998","unstructured":"Gritzalis, D.: Enhancing security and improving interoperability in healthcare information systems. Inform. Health Soc. Care 23(4), 309\u2013324 (1998)","journal-title":"Inform. Health Soc. Care"},{"issue":"2\u20133","key":"2_CR36","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1504\/IJRAM.2011.042113","volume":"15","author":"M Theoharidou","year":"2011","unstructured":"Theoharidou, M., Kotzanikolaou, P., Gritzalis, D.: Risk assessment methodology for interde-pendent critical infrastructures. Int. J. Risk Assess. Manag. 15(2\u20133), 128\u2013148 (2011)","journal-title":"Int. J. Risk Assess. Manag."},{"issue":"6","key":"2_CR37","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.cose.2010.02.003","volume":"29","author":"M Theoharidou","year":"2010","unstructured":"Theoharidou, M., Kotzanikolaou, P., Gritzalis, D.: A multi-layer criticality assessment methodology based on interdependencies. Comput. Secur. 29(6), 643\u2013658 (2010)","journal-title":"Comput. Secur."}],"container-title":["Lecture Notes in Computer Science","Risk Assessment and Risk-Driven Testing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-07076-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T14:30:24Z","timestamp":1746282624000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-07076-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319070759","9783319070766"],"references-count":37,"aliases":["10.1007\/978-3-319-14114-5_2"],"URL":"https:\/\/doi.org\/10.1007\/978-3-319-07076-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"10 July 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}