Abstract

Protecting personal privacy has become an increasingly important issue as computers become a more integral part of everyday life. As people begin to trust more personal information to be contained in computers they will question if that information is safe from unwanted intrusion and access. With the rise of mobile devices (e.g., smartphones, tablets, wearable technology) users have enjoyed the convenience and availability of stored personal information in mobile devices, both in the operating system and within applications.For a mobile application to function correctly it needs permission or privileges to access and control various resources and controls on the mobile device. These permissions can range from location and account information to access to all storage on the mobile device. A single permission, or a combination of permissions, could lead to a high risk of potential privacy invasion. This privacy invasion risk can be amplified specifically for security applications when compared to non-security applications due to the administrative privileges that security applications frequently need to moderate and protect information on a mobile device. Currently there is no defined matrix or framework for analyzing privacy risks for any mobile platform, including the main mobile platforms of Android, iOS and Windows mobile.The purpose of this research is to create a framework for analyzing mobile application permissions and identify potentially invading permission. The framework produces a Privacy Invasion Profile (also known as a PIP) for each application, which can be used to compare the risk of privacy invasion for a specific application.

Degree

College and Department

Ira A. Fulton College of Engineering and Technology; Technology

Rights

http://lib.byu.edu/about/copyright/