{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T06:43:34Z","timestamp":1725864214703},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319447599"},{"type":"electronic","value":"9783319447605"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-44760-5_10","type":"book-chapter","created":{"date-parts":[[2016,9,2]],"date-time":"2016-09-02T23:06:18Z","timestamp":1472857578000},"page":"153-170","source":"Crossref","is-referenced-by-count":1,"title":["A Framework for Major Stakeholders in Android Application Industry to Manage Privacy Policies of Android Applications"],"prefix":"10.1007","author":[{"given":"Shi-Cho","family":"Cha","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuang-Ming","family":"Shiung","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tzu-Ching","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sih-Cing","family":"Syu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li-Da","family":"Chien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tsung-Ying","family":"Tsai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,3]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, R., Bird, P., Grandison, T., Kiernan, J., Logan, S., Rjaibi, W.: Extending relational database systems to automatically enforce privacy policies. In: 21st International Conference on Data Engineering 2005 (ICDE 2005), Proceedings, pp. 1013\u20131022, April 2005","DOI":"10.1109\/ICDE.2005.64"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Alhamed, M., Amiri, K., Omari, M., Le, W.: Comparing privacy control methods for smartphone platforms. In: 2013 1st International Workshop on the Engineering of Mobile-Enabled Systems (MOBS), pp. 36\u201341, May 2013","DOI":"10.1109\/MOBS.2013.6614221"},{"issue":"6","key":"10_CR3","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. SIGPLAN Not. 49(6), 259\u2013269 (2014)","journal-title":"SIGPLAN Not."},{"key":"10_CR4","unstructured":"Bal, G.: Explicitness of consequence information in privacy warnings: experimentally investigating the effects on perceived risk, trust, and privacy information quality. In: Myers, M.D., Straub, D.W., (eds.) ICIS. Association for Information Systems (2014)"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Balebako, R., Schaub, F., Adjerid, I., Acquisti, A., Cranor, L: The impact of timing on the salience of smartphone app privacy notices. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015), New York, NY, USA, pp. 63\u201374. ACM (2015)","DOI":"10.1145\/2808117.2808119"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Cha, S.-C., Huang, K.J., Chang, H.M.: An efficient and flexible way to protect privacy in RFID environment with licenses. In: 2008 IEEE International Conference on RFID, pp. 35\u201342, April 2008","DOI":"10.1109\/RFID.2008.4519361"},{"key":"10_CR7","volume-title":"An In-Depth Guide to Android\u2019s Security Architecture","author":"N Elenkov","year":"2014","unstructured":"Elenkov, N., Internals, A.S.: An In-Depth Guide to Android\u2019s Security Architecture. No Starch Press, San Francisco (2014)"},{"key":"10_CR8","unstructured":"Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for real time privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI 2010), Berkeley, pp. 393\u2013407. USENIX Association (2010)"},{"key":"10_CR9","unstructured":"European Commission Article 29 Data Protection Working Party. Opinion 02\/2013 on apps on smart devices. 00461\/13\/EN, Wp. 202 (2013)"},{"key":"10_CR10","unstructured":"Felt, A.P., Greenwood, K, Wagner, D.: The effectiveness of application permissions. In: Proceedings of the 2nd USENIX Conference on Web Application Development (WebApps 2011), Berkeley, CA, USA, p. 7. USENIX Association (2011)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS 2012), New York, NY, USA, pp. 3:1\u20133:14. ACM (2012)","DOI":"10.1145\/2335356.2335360"},{"issue":"3","key":"10_CR12","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1109\/TDSC.2013.58","volume":"11","author":"CS Gates","year":"2014","unstructured":"Gates, C.S., Chen, J., Li, N., Proctor, R.W.: Effective risk communication for android apps. IEEE Trans. Dependable Secure Comput. 11(3), 252\u2013265 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"3","key":"10_CR13","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1109\/TDSC.2014.2302293","volume":"11","author":"CS Gates","year":"2014","unstructured":"Gates, C.S., Li, N., Peng, H., Sarma, B., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Generating summary risk scores for mobile applications. IEEE Trans. Dependable Secure Comput. 11(3), 238\u2013251 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Hao, S., Liu, B., Nath, S., Halfond, W.G.J., Govindan, R.: PUMA: programmable UI-automation for large-scale dynamic analysis of mobile apps. In: Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys 2014), New York, NY, USA, pp. 204\u2013217. ACM (2014)","DOI":"10.1145\/2594368.2594390"},{"key":"10_CR15","unstructured":"Harris, K.D.: Privacy on the go, recommendations for the mobile ecosystem. California Dept. of Justice Recommendations (2013)"},{"key":"10_CR16","unstructured":"IDC Research, Inc. Smartphone os market share, 2015 q2. IDC Research Report (2013). http:\/\/www.idc.com\/prodserv\/smartphone-os-market-share.jsp . Accessed 24 June 2016"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Jing, Y., Ahn, G.-J., Zhao, Z., Hu, H.: RiskMon: continuous and automated risk assessment of mobile applications. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY 2014), New York, NY, USA, pp. 99\u2013110. ACM (2014)","DOI":"10.1145\/2557547.2557549"},{"key":"10_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1007\/978-3-642-34638-5_6","volume-title":"Financial Cryptography and Data Security","author":"PG Kelley","year":"2012","unstructured":"Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68\u201379. Springer, Heidelberg (2012)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Kong, D., Cen, L., Jin, H.: AUTOREB: automatically understanding the review-to-behavior fidelity in android applications. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), New York, NY, USA, pp. 530\u2013541. ACM (2015)","DOI":"10.1145\/2810103.2813689"},{"key":"10_CR20","unstructured":"Lake, I.: Building better apps with runtime permissions. Android Developers Blog (2015). http:\/\/android-developers.blogspot.tw\/2015\/08\/building-better-apps-with-runtime.html . Accessed 24 June 2016"},{"issue":"2","key":"10_CR21","first-page":"1","volume":"5","author":"I Liccardi","year":"2013","unstructured":"Liccardi, I., Pato, J., Weitzner, D.J.: Improving mobile app selection through transparency and better permission analysis. J. Priv. Confidentiality 5(2), 1\u201355 (2013)","journal-title":"J. Priv. Confidentiality"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Lin, B., Chen, Y., Chen, X., Yu, Y.: Comparison between JSON and XML in applications based on AJAX. In: Proceedings of the 2012 International Conference on Computer Science and Service System (CSSS 2012), Washington, DC, USA, pp. 1174\u20131177. IEEE Computer Society (2012)","DOI":"10.1109\/CSSS.2012.297"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users\u2019 mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp 2012), New York, NY, USA, pp. 501\u2013510. ACM (2012)","DOI":"10.1145\/2370216.2370290"},{"key":"10_CR24","unstructured":"Egelman, S., Cranor, L., Dobbs, B., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J., Schunter, M., Stampley, D.A., Wenning, R.: The platform for privacy preferences 1.1 (P3P1.1) specification. In: W3C Specification (2006). https:\/\/www.w3.org\/TR\/P3P11\/ . Accessed 24 June 2016"},{"key":"10_CR25","unstructured":"Mobile Marketing Association Privacy and Advicacy Committee. Mobile application privacy policy framework. MMA White Paper (2011). http:\/\/www.mmaglobal.com\/news\/mobile-marketing-association-releases-final-privacy-policy-guidelines-mobile-apps . Accessed 24 June 2016"},{"key":"10_CR26","unstructured":"Office of the Privacy Commissioner of Canada, IPC of Alberta external, and IPC for British Columbia. Seizing opportunity: good privacy practices for developing mobile apps. OPC Guidance Documents (2012). https:\/\/www.priv.gc.ca\/information\/pub\/gd_app_201210_e.asp"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Olurin, M., Adams, C., Logrippo, L.: Platform for privacy preferences (P3P): current status and future directions. In: 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pp. 217\u2013220, July 2012","DOI":"10.1109\/PST.2012.6297943"},{"key":"10_CR28","unstructured":"Payment Card Industry (PCI) Security Standards Council, LLC. Template for report on compliance for use with PCI DSS v3.1, PCI reporting templates (2015). https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3_1_ROC_Reporting_Template.pdf"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: Proceedings of the Seventh European Workshop on System Security (EuroSec 2014), New York, NY, USA, pp. 5:1\u20135:6. ACM (2014)","DOI":"10.1145\/2592791.2592796"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Chen, Y., Enck, W.: Apps playground: automatic security analysis of smart phone applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy (CODASPY 2013), New York, NY,USA, pp. 209\u2013220. ACM (2013)","DOI":"10.1145\/2435349.2435379"},{"key":"10_CR31","unstructured":"Reed, B.: IDC: smartphone shipments to top feature phone shipments for first time ever in 2013. Yahoo! News (2013). http:\/\/news.yahoo.com\/idc-smartphone-shipments-top-feature-phone-shipments-first-020026360.html . Accessed 24 June 2016"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Said, A.A., Hussin, A.R.C., Dahlan, H.M., Pour, M.M.H.: Privacy policy preference (P3P) in e-commerce: key for improvement. In: 2012 International Conference on Information Retrieval Knowledge Management (CAMP), pp. 177\u2013181, March 2012","DOI":"10.1109\/InfRKM.2012.6205030"},{"key":"10_CR33","doi-asserted-by":"crossref","unstructured":"Shen, F., Vishnubhotla, N., Todarka, C., Arora, M., Dhandapani, B., Lehner, E.J., Ko, S.Y., Ziarek, L.: Information flows as a permission mechanism. In: Proceedings of the 29th ACM\/IEEE International Conference on Automated Software Engineering (ASE 2014), New York, NY, USA, pp. 515\u2013526. ACM (2014)","DOI":"10.1145\/2642937.2643018"},{"key":"10_CR34","unstructured":"Terms feed. Sample privacy policy template. Online document (2014). https:\/\/termsfeed.com\/blog\/sample-privacy-policy-template\/ . Accessed 24 June 2016"},{"key":"10_CR35","doi-asserted-by":"crossref","unstructured":"Tian, Y., Liu, B., Dai, W., Ur, B., Tague, P., Cranor, L.F.: Supporting privacy-conscious app update decisions with user reviews. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015), New York, NY, USA, pp. 51\u201361. ACM (2015)","DOI":"10.1145\/2808117.2808124"},{"key":"10_CR36","doi-asserted-by":"crossref","unstructured":"Tomuro, N., Lytinen, S., Hornsburg, K.: Automatic summarization of privacy policies using ensemble learning. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy (CODASPY 2016), New York, NY, USA, pp. 133\u2013135. ACM (2016)","DOI":"10.1145\/2857705.2857741"},{"key":"10_CR37","unstructured":"US NTIA. Short form notice code of conduct to promote transparency in mobile app practices (2013). https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/july_25_code_draft.pdf . Accessed 29 Mar 2016"},{"key":"10_CR38","unstructured":"US State of California Department of Justice. Attorney general Kamala D. Harris notifies mobile app developers of non-compliance with california privacy law. US California Dept of Justice Press News (2012). https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-kamala-d-harris-notifies-mobile-app-developers-non-compliance . Accessed 24 June 2016"},{"key":"10_CR39","doi-asserted-by":"crossref","unstructured":"Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2014), New York, NY, USA, pp. 447\u2013458. ACM (2014)","DOI":"10.1145\/2590296.2590325"},{"key":"10_CR40","doi-asserted-by":"crossref","unstructured":"Vidas, T., Tan, J., Nahata, J., Tan, C.L., Christin, N., Tague, P.: A5: automated analysis of adversarial android applications. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2014), New York, NY, USA, pp. 39\u201350. ACM (2014)","DOI":"10.1145\/2666620.2666630"},{"key":"10_CR41","doi-asserted-by":"crossref","unstructured":"Xu, Z., Zhu, S.: Semadroid: a privacy-aware sensor management framework for smartphones. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY 2015), New York, NY, USA, pp. 61\u201372. ACM (2015)","DOI":"10.1145\/2699026.2699114"},{"key":"10_CR42","unstructured":"Yan, L.K., Yin, H.: Droidscope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Conference on Security Symposium (Security 2012), Berkeley, CA, USA, p. 29. USENIX Association (2012)"},{"key":"10_CR43","doi-asserted-by":"crossref","unstructured":"Yang, Z., Yang, M., Zhang, Y., Gu, G., Ning, P., Wang, X.S.: AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS 2013), New York, NY, USA, pp. 1043\u20131054. ACM (2013)","DOI":"10.1145\/2508859.2516676"},{"key":"10_CR44","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS 2013), pp. 611\u2013622. ACM (2013)","DOI":"10.1145\/2508859.2516689"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-44760-5_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,24]],"date-time":"2017-06-24T21:56:10Z","timestamp":1498341370000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-44760-5_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319447599","9783319447605"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-44760-5_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}