{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:46:41Z","timestamp":1780634801687,"version":"3.54.1"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2017,9,11]],"date-time":"2017-09-11T00:00:00Z","timestamp":1505088000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Google Faculty Research Award - 2016"},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CSR-1526237, CNS-1564009, SBE-1513957"],"award-info":[{"award-number":["CSR-1526237, CNS-1564009, SBE-1513957"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8750-15-2-0281"],"award-info":[{"award-number":["FA8750-15-2-0281"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2017,9,11]]},"abstract":"<jats:p>The enormous popularity of smartphones, their rich sensing capabilities, and the data they have about their users have lead to millions of apps being developed and used. However, these capabilities have also led to numerous privacy concerns. Platform manufacturers, as well as researchers, have proposed numerous ways of mitigating these concerns, primarily by providing fine-grained visibility and privacy controls to the user on a per-app basis. In this paper, we show that this per-app permission approach is suboptimal for many apps, primarily because most data accesses occur due to a small set of popular third-party libraries which are common across multiple apps. To address this problem, we present the design and implementation of ProtectMyPrivacy (PmP) for Android, which can detect critical contextual information at runtime when privacy-sensitive data accesses occur. In particular, PmP infers the purpose of the data access, i.e. whether the data access is by a third-party library or by the app itself for its functionality. Based on crowdsourced data, we show that there are in fact a set of 30 libraries which are responsible for more than half of private data accesses. Controlling sensitive data accessed by these libraries can therefore be an effective mechanism for managing their privacy. We deployed our PmP app to 1,321 real users, showing that the number of privacy decisions that users have to make are significantly reduced. In addition, we show that our users are better protected against data leakage when using our new library-based blocking mechanism as compared to the traditional app-level permission mechanisms.<\/jats:p>","DOI":"10.1145\/3132029","type":"journal-article","created":{"date-parts":[[2017,9,11]],"date-time":"2017-09-11T12:12:26Z","timestamp":1505131946000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":58,"title":["Does this App Really Need My Location?"],"prefix":"10.1145","volume":"1","author":[{"given":"Saksham","family":"Chitkara","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Nishad","family":"Gothoskar","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Suhas","family":"Harish","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jason I.","family":"Hong","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuvraj","family":"Agarwal","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,9,11]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462456.2464460"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702210"},{"key":"e_1_2_2_3_1","volume-title":"App Brain Ad Libraries List. https:\/\/www.appbrain.com\/stats\/libraries\/ad","year":"2017"},{"key":"e_1_2_2_4_1","unstructured":"Apple. iOS developers have to explain the purposes for private data access. https:\/\/developer.apple.com\/library\/content\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/ExpectedAppBehaviors\/ExpectedAppBehaviors.html#\/\/apple_ref\/doc\/uid\/TP40007072-CH3-SW7 2017.  Apple. iOS developers have to explain the purposes for private data access. https:\/\/developer.apple.com\/library\/content\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/ExpectedAppBehaviors\/ExpectedAppBehaviors.html#\/\/apple_ref\/doc\/uid\/TP40007072-CH3-SW7 2017."},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501616"},{"key":"e_1_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2184489.2184500"},{"key":"e_1_2_2_8_1","volume-title":"Django - The web framework for perfectionists with deadlines","year":"2017"},{"key":"e_1_2_2_9_1","volume-title":"Proceedings of the 9th USENIX conference on Operating Systems Design and Implementation (OSDI)","author":"Enck W.","year":"2010"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335360"},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381945"},{"key":"e_1_2_2_13_1","unstructured":"FTC. Android Flashlight App Developer Settles FTC Charges It Deceived Consumers. https:\/\/goo.gl\/Zf18jI.  FTC. Android Flashlight App Developer Settles FTC Charges It Deceived Consumers. https:\/\/goo.gl\/Zf18jI."},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_2_2_15_1","unstructured":"Google. Android UI Automation and Testing Tool. https:\/\/developer.android.com\/studio\/test\/monkey.html.  Google. Android UI Automation and Testing Tool. https:\/\/developer.android.com\/studio\/test\/monkey.html."},{"key":"e_1_2_2_16_1","unstructured":"Google. App Ops Permissions Manager: Android\u2019s permission manager. http:\/\/grepcode.com\/file\/repository.grepcode.com\/java\/ext\/com.google.android\/android\/5.1.0_r1\/android\/app\/AppOpsManager.java\/.  Google. App Ops Permissions Manager: Android\u2019s permission manager. http:\/\/grepcode.com\/file\/repository.grepcode.com\/java\/ext\/com.google.android\/android\/5.1.0_r1\/android\/app\/AppOpsManager.java\/."},{"key":"e_1_2_2_17_1","volume-title":"show permissions rationale to the users. https:\/\/developer.android.com\/training\/permissions\/requesting.html","year":"2017"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2971648.2971693"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2370216.2370290"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2370216.2370290"},{"key":"e_1_2_2_23_1","first-page":"199","volume-title":"Symposium On Usable Privacy and Security (SOUPS 2014","author":"Lin J.","year":"2014"},{"key":"e_1_2_2_24_1","volume-title":"Symposium on Usable Privacy and Security","author":"Liu B.","year":"2016"},{"key":"e_1_2_2_25_1","unstructured":"Marcel Bokhorst. XPrivacy. https:\/\/github.com\/M66B\/XPrivacy.  Marcel Bokhorst. XPrivacy. https:\/\/github.com\/M66B\/XPrivacy."},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2906388.2906391"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755732"},{"key":"e_1_2_2_28_1","unstructured":"Path. Path official blog. http:\/\/blog.path.com\/post\/17274932484\/we-are-sorry 2017.  Path. Path official blog. http:\/\/blog.path.com\/post\/17274932484\/we-are-sorry 2017."},{"key":"e_1_2_2_29_1","volume-title":"Haystack: A multi-purpose mobile vantage point in user space. arXiv preprint arXiv:1510.01419","author":"Razaghpanah A.","year":"2015"},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2906388.2906392"},{"key":"e_1_2_2_31_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS)","volume":"40","author":"Sadeh J.","year":"2014"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702404"},{"key":"e_1_2_2_33_1","volume-title":"Trends in Consumer Stats. https:\/\/www.statista.com\/statistics\/276623\/number-of-apps-available-in-leading-app-stores\/","year":"2017"},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557400"},{"key":"e_1_2_2_35_1","volume-title":"The Wall Street Journal","author":"Thurm S.","year":"2010"},{"key":"e_1_2_2_36_1","unstructured":"N. Y. Times. Mobile Apps Take Data Without Permission. http:\/\/bits.blogs.nytimes.com\/2012\/02\/15\/google-and-mobile-apps-take-data-books-without-permission\/.  N. Y. Times. Mobile Apps Take Data Without Permission. http:\/\/bits.blogs.nytimes.com\/2012\/02\/15\/google-and-mobile-apps-take-data-books-without-permission\/."},{"key":"e_1_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025556"},{"key":"e_1_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2750858.2805833"},{"key":"e_1_2_2_39_1","volume-title":"http:\/\/repo.xposed.info\/module\/de.robv.android.xposed.installer","author":"Installer Xposed","year":"2017"},{"key":"e_1_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699105"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3132029","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3132029","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3132029","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:33Z","timestamp":1750217433000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3132029"}},"subtitle":["Context-Aware Privacy Management for Smartphones"],"short-title":[],"issued":{"date-parts":[[2017,9,11]]},"references-count":40,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2017,9,11]]}},"alternative-id":["10.1145\/3132029"],"URL":"https:\/\/doi.org\/10.1145\/3132029","relation":{},"ISSN":["2474-9567"],"issn-type":[{"value":"2474-9567","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,9,11]]},"assertion":[{"value":"2017-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-09-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}