Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2303.10795 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866909379999039488 |
|---|---|
| author | Garg, Vaibhav Guo, Hui Ajmeri, Nirav Bhattacharya, Saikath Singh, Munindar P. |
| author_facet | Garg, Vaibhav Guo, Hui Ajmeri, Nirav Bhattacharya, Saikath Singh, Munindar P. |
| contents | Problem: We address the challenge in responsible computing where an exploitable mobile app is misused by one app user (an abuser) against another user or bystander (victim). We introduce the idea of a misuse audit of apps as a way of determining if they are exploitable without access to their implementation.
Method: We leverage app reviews to identify exploitable apps and their functionalities that enable misuse. First, we build a computational model to identify alarming reviews (which report misuse). Second, using the model, we identify exploitable apps and their functionalities. Third, we validate them through manual inspection of reviews.
Findings: Stories by abusers and victims mostly focus on past misuses, whereas stories by third parties mostly identify stories indicating the potential for misuse. Surprisingly, positive reviews by abusers, which exhibit language with high dominance, also reveal misuses. In total, we confirmed 156 exploitable apps facilitating the misuse. Based on our qualitative analysis, we found exploitable apps exhibiting four types of exploitable functionalities.
Implications: Our method can help identify exploitable apps and their functionalities, facilitating misuse audits of a large pool of apps. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2303_10795 |
| institution | arXiv |
| publishDate | 2023 |
| record_format | arxiv |
| spellingShingle | Understanding Mobile App Reviews to Guide Misuse Audits Garg, Vaibhav Guo, Hui Ajmeri, Nirav Bhattacharya, Saikath Singh, Munindar P. Cryptography and Security Problem: We address the challenge in responsible computing where an exploitable mobile app is misused by one app user (an abuser) against another user or bystander (victim). We introduce the idea of a misuse audit of apps as a way of determining if they are exploitable without access to their implementation. Method: We leverage app reviews to identify exploitable apps and their functionalities that enable misuse. First, we build a computational model to identify alarming reviews (which report misuse). Second, using the model, we identify exploitable apps and their functionalities. Third, we validate them through manual inspection of reviews. Findings: Stories by abusers and victims mostly focus on past misuses, whereas stories by third parties mostly identify stories indicating the potential for misuse. Surprisingly, positive reviews by abusers, which exhibit language with high dominance, also reveal misuses. In total, we confirmed 156 exploitable apps facilitating the misuse. Based on our qualitative analysis, we found exploitable apps exhibiting four types of exploitable functionalities. Implications: Our method can help identify exploitable apps and their functionalities, facilitating misuse audits of a large pool of apps. |
| title | Understanding Mobile App Reviews to Guide Misuse Audits |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2303.10795 |