1. Introduction
The shift in computer usage has moved personal computing into the mobile sphere. Today, many of the existing third-party mobile application developers use standardized application program interfaces (APIs) to build and release applications that can not only access users’ data, but also collect and transmit users’ personal information without their consent (Panzarino, 2013; Robertson, 2013). Many have therefore raised concerns that users’ personal data is left vulnerable and may be misused (Grace, Y. Zhou, Wang, & Jiang, 2012; Haris, Haddadi, & Hui, 2014).
At present, nearly 70% of the network usage actions generated by mobile applications’ services are invisible (Tu, Peng, Li, & Ma, 2013). More critically, existing mobile platforms, namely Android, Apple and iOS, typically leave it to users to specify the permissions for third-party applications’ access to their mobile devices (Ferreira, Kostakos, Beresford, Lindqvist, & Dey, 2015; Fu, Yang, Shingte, Lindqvist, & Gruteser, 2014). Therefore, it is the user who bears the responsibility of defining the permission level of third-party applications’ access, by either accepting all access or opting not to allow access for such applications (Agarwal & Hall, 2013). Furthermore, several studies report a lack of user awareness of the privacy and security risks associated with installing third-party applications on mobile devices (Kelley, Cranor, & Sadeh, 2013). For example, Felt et al. (2012) report that most users overlook the permissions granted to third-party applications at installation time.
The pervasive use of mobile applications in most daily life activities suggests that ensuring users’ trust needs to start from the mobile devices. For example, Distefano, Grillo, Lentini, and Italiano (2010) propose leveraging the level of privileges of mobile devices’ owners in terms of trust and network access controls, commonly set by default at low levels throughout the installation lifecycle of applications on these devices, to protect users’ information from malicious attacks and/or intrusions. In addition, Hornyack, Han, Jung, Schechter, and Wetherall (2011) suggest a framework that shadows users’ personal data in places that users want to keep private and blocks network transmissions that contain such data. Similarly, Balebako, Jung, Lu, Cranor, and Nguyen (2013) and Rastogi, Chen, and Enck (2013) propose a notification alert that appears when users’ personal data is about to be shared and displays a visual summary of the shared data, such as location, identity, and contacts. However, such network access measures do not take into account users’ context while mobile.
In this paper we propose a context-based network access framework for eliciting context information and adapting this information with mobile applications’ network access measures, where and when such a decision is required. The access request is analyzed based on both the user’s context, collected from the mobile device sensors, and the application’s network access settings, using the fuzzy Analytic Hierarchy Process (AHP) method. In turn, the network access mechanism yields a network access alert before the user launches the mobile application. For validation purposes, we implement our proposed network access mechanism in the Android Operating System (OS) running on mobile devices. The remainder of this paper is structured as follows. In Section 2, we review related work. In Section 3, we present the fuzzy AHP method. Section 4 presents an illustrative analysis of the proposed framework. In Section 5, we present a prototype and evaluation of the network access mechanism. We conclude the paper with final comments.
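The following is an added sketch, not the paper's own code, of how a fuzzy AHP weighting can turn context readings and an application's access setting into an alert decision. It uses Buckley's geometric-mean variant of fuzzy AHP; the criteria names, pairwise judgements, risk readings and threshold are constructed assumptions, since this preview does not give the paper's.

```python
from math import prod

# Hypothetical criteria: two context readings and the app's access setting.
CRITERIA = ["network_type", "location", "app_access_setting"]

# Constructed pairwise judgements as triangular fuzzy numbers (l, m, u):
# (i, j) -> how much more important criterion i is than criterion j.
UPPER = {(0, 1): (1, 2, 3), (0, 2): (2, 3, 4), (1, 2): (1, 2, 3)}

def reciprocal(t):
    """Reciprocal of a triangular fuzzy number."""
    l, m, u = t
    return (1 / u, 1 / m, 1 / l)

def build_matrix(n, upper):
    """Fill a reciprocal fuzzy comparison matrix from its upper triangle."""
    matrix = [[(1, 1, 1)] * n for _ in range(n)]
    for (i, j), t in upper.items():
        matrix[i][j] = t
        matrix[j][i] = reciprocal(t)
    return matrix

def fuzzy_weights(matrix):
    """Buckley's method: fuzzy geometric mean per row, then defuzzify."""
    n = len(matrix)
    means = [tuple(prod(row[j][k] for j in range(n)) ** (1 / n)
                   for k in range(3)) for row in matrix]
    total = [sum(r[k] for r in means) for k in range(3)]
    # r_i * (sum r)^-1: lower bound uses the total upper bound and vice versa.
    fuzzy = [(r[0] / total[2], r[1] / total[1], r[2] / total[0]) for r in means]
    crisp = [sum(f) / 3 for f in fuzzy]          # centroid defuzzification
    return [c / sum(crisp) for c in crisp]       # normalise to sum to 1

def risk_score(weights, context):
    """Weighted sum of per-criterion risk readings in [0, 1]."""
    return sum(w * context[name] for w, name in zip(weights, CRITERIA))

def access_alert(context, threshold=0.5):
    """True when an alert should be shown before the app is launched."""
    weights = fuzzy_weights(build_matrix(len(CRITERIA), UPPER))
    return risk_score(weights, context) >= threshold

# Constructed readings: same app and place, different network.
OPEN_WIFI = {"network_type": 1.0, "location": 0.2, "app_access_setting": 0.5}
HOME_NET = {"network_type": 0.1, "location": 0.2, "app_access_setting": 0.5}

if __name__ == "__main__":
    print(access_alert(OPEN_WIFI), access_alert(HOME_NET))
```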