{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T22:35:49Z","timestamp":1774910149870,"version":"3.50.1"},"reference-count":17,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 The impact of the applications\u2019 evolutionary increment of permission requests from both the user\u2019s and the developer\u2019s point of view is studied, and finally, a series of remedies against the erosion of users\u2019 privacy is proposed. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today\u2019s smartphone operating systems do not provide an adequate level of protection for the user\u2019s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices. <\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n \u2013 The proposed approach was evaluated through an examination of the Android\u2019s permission model, although issues arise in other operating systems. The authors\u2019 future intention is to conduct a user study to measure the user\u2019s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions. <\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n \u2013 The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices. <\/jats:p>\n <\/jats:sec>\n \n Social implications<\/jats:title>\n \u2013 The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in authors\u2019 view, have not been adequately addressed to date and propose an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users\u2019 privacy.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-10-2014-0071","type":"journal-article","created":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T19:42:32Z","timestamp":1444678952000},"page":"394-405","source":"Crossref","is-referenced-by-count":27,"title":["Reengineering the user: privacy concerns about personal data on smartphones"],"prefix":"10.1108","volume":"23","author":[{"given":"Matina","family":"Tsavli","sequence":"first","affiliation":[]},{"given":"Pavlos S.","family":"Efraimidis","sequence":"additional","affiliation":[]},{"given":"Vasilios","family":"Katos","sequence":"additional","affiliation":[]},{"given":"Lilian","family":"Mitrou","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122004570662100_b3","unstructured":"Article 29 Data Protection Working Party\n (2013), \u201cWP 202 Opinion 02\/2013 on apps on smart devices, European Commision\u201d, available at: \nhttp:\/\/ec.europa.eu\/justice\/data-protection\/article-29\/documentation\/opinion-recommendation\/files\/2013\/wp202_en.pdf (accessed September 2015)."},{"key":"key2020122004570662100_b1","doi-asserted-by":"crossref","unstructured":"Balebako, R.\n , \n Marsh, A.\n , \n Lin, J.\n , \n Hong, J.\n and \n Cranor, L.F.\n (2014), \u201cThe privacy and security behaviors of smartphone app developers\u201d, \n Workshop on Usable Security\n , USEC 2014, San Diego, CA.","DOI":"10.14722\/usec.2014.23006"},{"key":"key2020122004570662100_b2","unstructured":"Ciocchetti, C.\n (2008), \u201cJust click submit: the collection, dissemination and tagging of personally identifying information\u201d, \n Vanderbilt Journal of Entertainment and Technology Law\n , Vol. 10 No. 3, pp. 553-642."},{"key":"key2020122004570662100_b4","doi-asserted-by":"crossref","unstructured":"Egelman, S.\n , \n Felt, A.P.\n and \n Wagner, D.\n (2013), \u201cChoice architecture and smartphone privacy: there\u2019s a price for that\u201d, \n The Economics of Information Security and Privacy\n , Springer Berlin, Heidelberg, pp. 211-236.","DOI":"10.1007\/978-3-642-39498-0_10"},{"key":"key2020122004570662100_b5","unstructured":"Enck, W.\n , \n Gilbert, P.\n , \n Chun, B.\n , \n Cox, L.P.\n , \n Jung, J.\n , \n McDaniel, P.\n and \n Sheth, A.N.\n (2010), \u201cTaintDroid \u2013 an information flow tracking system for real-time privacy monitoring on smartphones\u201d, Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, Vancouver, BC, pp. 1-6."},{"key":"key2020122004570662100_b7","doi-asserted-by":"crossref","unstructured":"Felt, A.P.\n , \n Ha, E.\n , \n Egelman, S.\n , \n Haney, A.\n , \n Chin, E.\n and \n Wagner, D.\n (2012), \u201cAndroid permissions: user attention, comprehension, and behavior\u201d, Proceedings of the Eighth Symposium on Usable Privacy and Security, ACM, Washington, DC, p. 3.","DOI":"10.1145\/2335356.2335360"},{"key":"key2020122004570662100_b8","doi-asserted-by":"crossref","unstructured":"Jeon, J.\n , \n Micinski, K.K.\n , \n Vaughan, J.A.\n , \n Fogel, A.\n , \n Reddy, N.\n , \n Foster, J.S.\n and \n Millstein, T.\n (2012), \u201cDr Android and Mr Hide: fine-grained permissions in android applications\u201d, \n Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM \u201812\n ), ACM, New York, NY, pp. 3-14.","DOI":"10.1145\/2381934.2381938"},{"key":"key2020122004570662100_b9","unstructured":"Mylonas, A.\n (2008), \u201cSmartphone spying tools\u201d, \n MSc Thesis\n , Royal Holloway, University of London, Egham."},{"key":"key2020122004570662100_b10","doi-asserted-by":"crossref","unstructured":"Mylonas, A.\n , \n Meletiadis, V.\n , \n Mitrou, L.\n and \n Gritzalis, D.\n (2013), \u201cSmartphone sensor data as digital evidence\u201d, \n Computers & Security\n , Vol. 38, pp. 51-75.","DOI":"10.1016\/j.cose.2013.03.007"},{"key":"key2020122004570662100_b11","doi-asserted-by":"crossref","unstructured":"Pearce, P.\n , \n Felt, A.P.\n , \n Nunez, G.\n and \n Wagner, D.\n (2012), \u201cAddroid: Privilege separation for applications and advertisers in android\u201d, Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, Seoul, ACM, pp. 71-72.","DOI":"10.1145\/2414456.2414498"},{"key":"key2020122004570662100_b12","doi-asserted-by":"crossref","unstructured":"Sarma, B.P.\n , \n Li, N.\n , \n Gates, C.\n , \n Potharaju, R.\n , \n Nita-Rotaru, C.\n and \n Molloy, I.\n (2012), \u201cAndroid permissions: a perspective combining risks and benefits\u201d, \n Proceedings of the 17th ACM symposium on Access Control Models and Technologies\n , ACM, New York, NY, pp. 13-22.","DOI":"10.1145\/2295136.2295141"},{"key":"key2020122004570662100_b13","doi-asserted-by":"crossref","unstructured":"Theoharidou, M.\n , \n Mylonas, A.\n and \n Gritzalis, D.\n (2012), \u201cA risk assessment method for smartphones\u201d, Proceedings of the 27th IFIP Information Security and Privacy Conference, Springer (AICT 376), Heraclion, pp. 443-456.","DOI":"10.1007\/978-3-642-30436-1_36"},{"key":"key2020122004570662100_b14","doi-asserted-by":"crossref","unstructured":"Urban, J.\n , \n Hoofnagle, C.\n and \n Li, S.\n (2012), \u201cMobile phones and privacy\u201d, UC Berkeley Public Law Research Paper 2103405.","DOI":"10.2139\/ssrn.2103405"},{"key":"key2020122004570662100_b15","unstructured":"Vidas, T.\n , \n Christin, N.\n and \n Cranor, L.\n (2011), \u201cCurbing android permission creep\u201d, Proceedings of the Web, 2.0 Security and Privacy Workshop (W2SP 2011), Oakland, CA, Vol. 2."},{"key":"key2020122004570662100_b16","doi-asserted-by":"crossref","unstructured":"Wei, X.\n , \n Gomez, L.\n , \n Neamtiu, I.\n and \n Faloutsos, M.\n (2012), \u201cPermission evolution in the android ecosystem\u201d, Proceedings of the 28th Annual Computer Security Applications Conference, ACM, New York, NY, pp. 31-40.","DOI":"10.1145\/2420950.2420956"},{"key":"key2020122004570662100_b17","doi-asserted-by":"crossref","unstructured":"West, R.\n (2008), \u201cThe psychology of security\u201d, \n Communications of the ACM\n , Vol. 51 No. 4, pp. 34-41.","DOI":"10.1145\/1330311.1330320"},{"key":"key2020122004570662100_frd1","unstructured":"European Parliament\n (1995), \u201cDirective 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data\u201d, \n Official Journal of the EC\n , Vol. 281 Nos. 23\/11, pp. 31-50."}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-10-2014-0071","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0071\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0071\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:14Z","timestamp":1753406594000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/4\/394-405\/113597"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":17,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,10,12]]}},"alternative-id":["10.1108\/ICS-10-2014-0071"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2014-0071","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2015,10,12]]}}}