Use this URL to cite or link to this record in EThOS:
Title: Security and privacy in app ecosystems
Author: Taylor, Vincent
ISNI:       0000 0004 7229 1177
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2017
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Smartphones are highly-capable mobile computing devices that have dramatically changed how people do business, interact with online services, and receive entertainment. Smartphone functionality is enhanced by an ecosystem of apps seemingly covering the entire gamut of functionality. While smartphone apps have undoubtedly provided immeasurable benefit to users, they also contribute their fair share of drawbacks, such as increases in security risks and the erosion of user privacy. In this thesis, I focus on the Android smartphone operating system, and pave the way for improving the security and privacy of its app ecosystem. Chapter 3 starts by doing a comprehensive study on how Android apps have evolved over a three-year period, both in terms of their dangerous permission usage and the vulnerabilities they contain. It uncovers a trend whereby apps are using increasing numbers of dangerous permissions over time and at the same time becoming increasingly vulnerable to attack by adversaries. By analysing the Google Play Store, Android's official app marketplace, Chapter 4 shows that many general-purpose apps can be replaced with functionallysimilar alternatives to the benefit of the user. This confirms that users still wield power to improve their own security and privacy. Chapter 5 combines this insight with real-world data from approximately 30,000 smartphones to understand the actual risk that the average user faces as a result of their use of apps, and takes an important first step in measuring the improvements that can be made. Users, however, are not always aware of the risks they face and thus Chapter 6 demonstrates the feasibility of a classification system that can transparently and unobtrusively identify and alert users to the presence of apps of concern on their devices. This classification system identifies apps from features in the network traffic they generate, without itself analysing the payload of their traffic, thus maintaining a high threshold of privacy. While the work presented in this thesis has uncovered undesirable trends in app evolution, and shows that a large fraction of users are exposed to non-trivial risk from the apps they use, in many cases there is suficient diversity in the offerings of general-purpose apps in the Google Play Store to empower users to mitigate the risks coming from the apps they use. This work takes us a step further in keeping users safe as they navigate and enjoy app ecosystems.
Supervisor: Martinovic, Ivan Sponsor: Rhodes Trust
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available
Keywords: security ; app ; smartphone ; privacy ; ecosystem