Privacy concerns have long been expressed around smart devices, and the concerns around Android apps have been studied by many past works. Over the past 10 years, we have crawled and scraped data for almost 1.9 million apps, and also stored the APKs for 135,536 of them. In this paper, we examine the trends in how Android apps have changed over time with respect to privacy and look at it from two perspectives: (1) how privacy behavior in apps have changed as they are updated over time, (2) how these changes can be accounted for when comparing third-party libraries and the app's own internals. To study this, we examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy. However, we observe that in the current state of Android apps, there has not been enough of an improvement in terms of privacy and many issues still need to be addressed.
相關內容
Android(安卓)是(shi)一種以(yi) Linux 為基礎(chu)開發的(de)開放源代碼的(de)操作系(xi)統(tong),主要應(ying)用于(yu)便攜設(she)備。2005 年,Android 公司被 Google 收購(gou),隨后 Google 聯合制(zhi)造商組(zu)成(cheng)開放手機聯盟。Android 已從智(zhi)(zhi)能(neng)手機領域逐漸(jian)擴展到平板電(dian)(dian)腦、智(zhi)(zhi)能(neng)電(dian)(dian)視(及機頂(ding)盒)、游(you)戲機、物聯網、智(zhi)(zhi)能(neng)手表、車載(zai)系(xi)統(tong)、VR以(yi)及PC等領域。
The variational autoencoder (VAE) is a popular deep latent variable model used to analyse high-dimensional datasets by learning a low-dimensional latent representation of the data. It simultaneously learns a generative model and an inference network to perform approximate posterior inference. Recently proposed extensions to VAEs that can handle temporal and longitudinal data have applications in healthcare, behavioural modelling, and predictive maintenance. However, these extensions do not account for heterogeneous data (i.e., data comprising of continuous and discrete attributes), which is common in many real-life applications. In this work, we propose the heterogeneous longitudinal VAE (HL-VAE) that extends the existing temporal and longitudinal VAEs to heterogeneous data. HL-VAE provides efficient inference for high-dimensional datasets and includes likelihood models for continuous, count, categorical, and ordinal data while accounting for missing observations. We demonstrate our model's efficacy through simulated as well as clinical datasets, and show that our proposed model achieves competitive performance in missing value imputation and predictive accuracy.
The human footprint is having a unique set of ridges unmatched by any other human being, and therefore it can be used in different identity documents for example birth certificate, Indian biometric identification system AADHAR card, driving license, PAN card, and passport. There are many instances of the crime scene where an accused must walk around and left the footwear impressions as well as barefoot prints and therefore, it is very crucial to recovering the footprints from identifying the criminals. Footprint-based biometric is a considerably newer technique for personal identification. Fingerprints, retina, iris and face recognition are the methods most useful for attendance record of the person. This time the world is facing the problem of global terrorism. It is challenging to identify the terrorist because they are living as regular as the citizens do. Their soft target includes the industries of special interests such as defence, silicon and nanotechnology chip manufacturing units, pharmacy sectors. They pretend themselves as religious persons, so temples and other holy places, even in markets is in their targets. These are the places where one can obtain their footprints quickly. The gait itself is sufficient to predict the behaviour of the suspects. The present research is driven to identify the usefulness of footprint and gait as an alternative to personal identification.
Mobile devices have been manufactured and enhanced at growing rates in the past decades. While this growth has significantly evolved the capability of these devices, their security has been falling behind. This contrast in development between capability and security of mobile devices is a significant problem with the sensitive information of the public at risk. Continuing the previous work in this field, this study identifies key Machine Learning algorithms currently being used for behavioral biometric mobile authentication schemes and aims to provide a comprehensive review of these algorithms when used with touch dynamics and phone movement. Throughout this paper the benefits, limitations, and recommendations for future work will be discussed.
Many studies have demonstrated that mobile applications are common means to collect massive amounts of personal data. This goes unnoticed by most users, who are also unaware that many different organizations are receiving this data, even from multiple apps in parallel. This paper assesses different techniques to identify the organizations that are receiving personal data flows in the Android ecosystem, namely the WHOIS service, SSL certificates inspection, and privacy policy textual analysis. Based on our findings, we propose a fully automated method that combines the most successful techniques, achieving a 94.73% precision score in identifying the recipient organization. We further demonstrate our method by evaluating 1,000 Android apps and exposing the corporations that collect the users' personal data.
Data collection and research methodology represents a critical part of the research pipeline. On the one hand, it is important that we collect data in a way that maximises the validity of what we are measuring, which may involve the use of long scales with many items. On the other hand, collecting a large number of items across multiple scales results in participant fatigue, and expensive and time consuming data collection. It is therefore important that we use the available resources optimally. In this work, we consider how a consideration for theory and the associated causal/structural model can help us to streamline data collection procedures by not wasting time collecting data for variables which are not causally critical for subsequent analysis. This not only saves time and enables us to redirect resources to attend to other variables which are more important, but also increases research transparency and the reliability of theory testing. In order to achieve this streamlined data collection, we leverage structural models, and Markov conditional independency structures implicit in these models to identify the substructures which are critical for answering a particular research question. In this work, we review the relevant concepts and present a number of didactic examples with the hope that psychologists can use these techniques to streamline their data collection process without invalidating the subsequent analysis. We provide a number of simulation results to demonstrate the limited analytical impact of this streamlining.
Cryptocurrency has been extensively studied as a decentralized financial technology built on blockchain. However, there is a lack of understanding of user experience with cryptocurrency exchanges, the main means for novice users to interact with cryptocurrency. We conduct a qualitative study to provide a panoramic view of user experience and security perception of exchanges. All 15 Chinese participants mainly use centralized exchanges (CEX) instead of decentralized exchanges (DEX) to trade decentralized cryptocurrency, which is paradoxical. A closer examination reveals that CEXes provide better usability and charge lower transaction fee than DEXes. Country-specific security perceptions are observed. Though DEXes provide better anonymity and privacy protection, and are free of governmental regulation, these are not necessary features for many participants. Based on the findings, we propose design implications to make cryptocurrency trading more decentralized.
In order to provide more security on double-spending, we have implemented a system allowing for a web-of-trust. In this paper, we explore different approaches taken against double-spending and implement our own version to avoid this within TrustChain as part of the ecosystem of EuroToken, the digital version of the euro. We have used the EVA protocol as a means to transfer data between users, building on the existing functionality of transferring money between users. This allows the sender of EuroTokens to leave recommendations of users based on their previous interactions with other users. This dissemination of trust through the network allows users to make more trustworthy decisions. Although this provides an upgrade in terms of usability, the mathematical details of our implementation can be explored further in other research.
During recent crises like COVID-19, microblogging platforms have become popular channels for affected people seeking assistance such as medical supplies and rescue operations from emergency responders and the public. Despite this common practice, the affordances of microblogging services for help-seeking during crises that needs immediate attention are not well understood. To fill this gap, we analyzed 8K posts from COVID-19 patients or caregivers requesting urgent medical assistance on Weibo, the largest microblogging site in China. Our mixed-methods analyses suggest that existing microblogging functions need to be improved in multiple aspects to sufficiently facilitate help-seeking in emergencies, including capabilities of search and tracking requests, ease of use, and privacy protection. We also find that people tend to stick to certain well-established functions for publishing requests, even after better alternatives emerge. These findings have implications for designing microblogging tools to better support help requesting and responding during crises.
Reinforcement learning (RL) has shown great success in solving many challenging tasks via use of deep neural networks. Although using deep learning for RL brings immense representational power, it also causes a well-known sample-inefficiency problem. This means that the algorithms are data-hungry and require millions of training samples to converge to an adequate policy. One way to combat this issue is to use action advising in a teacher-student framework, where a knowledgeable teacher provides action advice to help the student. This work considers how to better leverage uncertainties about when a student should ask for advice and if the student can model the teacher to ask for less advice. The student could decide to ask for advice when it is uncertain or when both it and its model of the teacher are uncertain. In addition to this investigation, this paper introduces a new method to compute uncertainty for a deep RL agent using a secondary neural network. Our empirical results show that using dual uncertainties to drive advice collection and reuse may improve learning performance across several Atari games.
Task graphs provide a simple way to describe scientific workflows (sets of tasks with dependencies) that can be executed on both HPC clusters and in the cloud. An important aspect of executing such graphs is the used scheduling algorithm. Many scheduling heuristics have been proposed in existing works; nevertheless, they are often tested in oversimplified environments. We provide an extensible simulation environment designed for prototyping and benchmarking task schedulers, which contains implementations of various scheduling algorithms and is open-sourced, in order to be fully reproducible. We use this environment to perform a comprehensive analysis of workflow scheduling algorithms with a focus on quantifying the effect of scheduling challenges that have so far been mostly neglected, such as delays between scheduler invocations or partially unknown task durations. Our results indicate that network models used by many previous works might produce results that are off by an order of magnitude in comparison to a more realistic model. Additionally, we show that certain implementation details of scheduling algorithms which are often neglected can have a large effect on the scheduler's performance, and they should thus be described in great detail to enable proper evaluation.
小貼士
登錄享
相關主題
注冊地址: 北京市海淀區羊坊店路18號2幢3層301-191