PrivacyPalisade: Evaluating App permissions and building privacy into smartphones

Privacy has become a key concern for smartphone users as many apps tend to access and share sensitive data. However, it is not easily understandable for users which apps access what type of data and which are the minimal access permissions required to achieve a certain functionality. Although there are apps targeting privacy concerns, they only show which type of data is accessed but not whether it is necessary for an app to achieve its functionality. We propose a model that groups apps together in terms of advertised functionality and assesses an app's privacy intrusiveness based on the requested permissions relative to similar apps. To improve user comprehension of permissions, we implement PrivacyPalisade and demonstrate Android OS level modifications that use visual cues to indicate privacy intrusiveness of an app. If an app requests a permission that is not common in its cohort, the user is notified and shown visually the permission implications. We demonstrate that the proposed approach is scalable and incurs little performance overhead.