Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 01:25 - 01:37 at Baekje - P16-Security and Learning Chair(s): Lingming Zhang

Mobile application (app) developers commonly utilize analytic services to analyze their app users’ behavior to support debugging, service quality, and advertising. Anonymization and aggregation can reduce the sensitivity of behavioral data, and analytic services may encourage the use of these protections, however, developers can misconfigure the analytic services and expose personal information to greater privacy risk. Since people use apps in every aspect of their daily lives, apps may contain a lot of personal information, such as a user’s real-time location, health data, or dating preferences. To study this issue and identify potential privacy risks due to such misconfigurations, we developed a semi-automated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), which enables the empirical analysis of modern analytic service practices. This paper describes a study of 1,000 top apps using top analytic services using PAMDroid in which we found misconfigurations in 120 apps, among which, 52 apps also cause a violation of either the analytic service providers’ terms of service or the app’s own privacy policy.

Conference Day
Thu 9 Jul

Displayed time zone: (UTC) Coordinated Universal Time change

01:05 - 02:05
P16-Security and LearningTechnical Papers / Journal First at Baekje
Chair(s): Lingming ZhangThe University of Texas at Dallas
01:05
12m
Talk
Software Visualization and Deep Transfer Learning for Effective Software Defect PredictionTechnical
Technical Papers
Jinyin ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Keke HuCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Yue YuCollege of Computer, National University of Defense Technology, Changsha 410073, China, Zhuangzhi ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Qi XuanInstitute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China, Yi LiuInstitute of Process Equipment and Control Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Vladimir FilkovUniversity of California at Davis, USA
01:17
8m
Talk
Easy-to-Deploy API Extraction by Multi-Level Feature Embedding and Transfer LearningJ1
Journal First
Suyu MaMonash University, Zhenchang XingAustralia National University, Chunyang ChenMonash University, Cheng ChenPricewaterhouseCoopers Firm, Lizhen QuMonash University, Guoqiang LiShanghai Jiao Tong University
01:25
12m
Talk
How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?TechnicalArtifact Available
Technical Papers
Xueling ZhangUniversity of Texas at San Antonio, Xiaoyin WangUniversity of Texas at San Antonio, USA, Rocky SlavinUniversity of Texas at San Antonio, Travis BreauxCarnegie Mellon University, Jianwei NiuUniversity of Texas at San Antonio
01:37
12m
Talk
Securing UnSafe Rust Programs with XRustArtifact ReusableTechnical
Technical Papers
Peiming LiuTexas A&M University, Gang ZhaoTexas A&m University, Jeff HuangTexas A&M University
01:49
12m
Talk
Is Rust Used Safely by Software Developers?Technical
Technical Papers
Ana Nora EvansUniversity of Virginia, USA, Bradford CampbellUniversity of Virginia, Mary Lou SoffaUniversity of Virginia