Saved in:
Bibliographic Details
Main Authors: Garg, Vaibhav, Guo, Hui, Ajmeri, Nirav, Bhattacharya, Saikath, Singh, Munindar P.
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2303.10795
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909379999039488
author Garg, Vaibhav
Guo, Hui
Ajmeri, Nirav
Bhattacharya, Saikath
Singh, Munindar P.
author_facet Garg, Vaibhav
Guo, Hui
Ajmeri, Nirav
Bhattacharya, Saikath
Singh, Munindar P.
contents Problem: We address the challenge in responsible computing where an exploitable mobile app is misused by one app user (an abuser) against another user or bystander (victim). We introduce the idea of a misuse audit of apps as a way of determining if they are exploitable without access to their implementation. Method: We leverage app reviews to identify exploitable apps and their functionalities that enable misuse. First, we build a computational model to identify alarming reviews (which report misuse). Second, using the model, we identify exploitable apps and their functionalities. Third, we validate them through manual inspection of reviews. Findings: Stories by abusers and victims mostly focus on past misuses, whereas stories by third parties mostly identify stories indicating the potential for misuse. Surprisingly, positive reviews by abusers, which exhibit language with high dominance, also reveal misuses. In total, we confirmed 156 exploitable apps facilitating the misuse. Based on our qualitative analysis, we found exploitable apps exhibiting four types of exploitable functionalities. Implications: Our method can help identify exploitable apps and their functionalities, facilitating misuse audits of a large pool of apps.
format Preprint
id arxiv_https___arxiv_org_abs_2303_10795
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Understanding Mobile App Reviews to Guide Misuse Audits
Garg, Vaibhav
Guo, Hui
Ajmeri, Nirav
Bhattacharya, Saikath
Singh, Munindar P.
Cryptography and Security
Problem: We address the challenge in responsible computing where an exploitable mobile app is misused by one app user (an abuser) against another user or bystander (victim). We introduce the idea of a misuse audit of apps as a way of determining if they are exploitable without access to their implementation. Method: We leverage app reviews to identify exploitable apps and their functionalities that enable misuse. First, we build a computational model to identify alarming reviews (which report misuse). Second, using the model, we identify exploitable apps and their functionalities. Third, we validate them through manual inspection of reviews. Findings: Stories by abusers and victims mostly focus on past misuses, whereas stories by third parties mostly identify stories indicating the potential for misuse. Surprisingly, positive reviews by abusers, which exhibit language with high dominance, also reveal misuses. In total, we confirmed 156 exploitable apps facilitating the misuse. Based on our qualitative analysis, we found exploitable apps exhibiting four types of exploitable functionalities. Implications: Our method can help identify exploitable apps and their functionalities, facilitating misuse audits of a large pool of apps.
title Understanding Mobile App Reviews to Guide Misuse Audits
topic Cryptography and Security
url https://arxiv.org/abs/2303.10795