Abstract

Abstract
Runtime permission managers for mobile devices allow requests to be performed at the time in which permissions are required, thus enabling the user to grant/deny requests in context according to their expectations. However, in order to avoid cognitive overload, second and subsequent requests are usually automatically granted without user intervention/awareness. This paper explores whether these automated decisions fit user expectations. We performed a field study with 93 participants to collect their privacy decisions, the surrounding context and whether each request was expected. The collected 65261 permission decisions revealed a strong misalignment between apps' practices and expectation as almost half of requests are unexpected by users. This ratio strongly varies with the requested permission, the category and visibility of the requesting application and the user itself; that is, expectation is subjective to each individual. Moreover, privacy decisions are most strongly correlated with user expectation, but such correlation is also highly personal. Finally, Android's default permission manager would have violated the privacy of our participants 15% of the time. © 2022 IEEE.

Abstract
Permission managers in mobile devices allow users to control permissions requests, by granting of denying application's access to data and sensors. However, existing managers are ineffective at both protecting and warning users of the privacy risks of their permissions' decisions. Recent research proposes privacy protection mechanisms through user profiles to automate privacy decisions, taking personal privacy preferences into consideration. While promising, these proposals usually resort to a centralized server towards training the automation model, thus requiring users to trust this central entity. In this paper we propose a methodology to build privacy profiles and train neural networks for prediction of privacy decisions, while guaranteeing user privacy, even against a centralized server. Specifically, we resort to privacy-preserving clustering techniques towards building the privacy profiles, that is, the server computes the centroids (profiles) without access to the underlying data. Then, using federated learning, the model to predict permission decisions is learnt in a distributed fashion while all data remains locally in the users' devices. Experiments following our methodology show the feasibility of building a personalized and automated permission manager guaranteeing user privacy, while also reaching a performance comparable to the centralized state of the art, with an F1-score of 0.9. © 2022 ACM.

Abstract
In order to secure wireless communications, we consider the usage of physical-layer security (PLS) mechanisms (i.e., coding for secrecy mechanisms) combined with self-interference generation. We present a prototype implementation of a scrambled coding for secrecy mechanisms with interference generation by the legitimate receiver and the cancellation of the effect of self-interference (SI). Regarding the SI cancellation, four state-of-the-art algorithms were considered: Least mean square (LMS), normalized least mean square (NLMS), recursive least squares (RLS) and QR decomposition recursive least squares (QRDRLS). The prototype implementation is performed in real-world software-defined radio (SDR) devices using GNU-Radio, showing that the LMS outperforms all other algorithms considered (NLMS, RLS and QRDRLS), being the best choice to use in this situation (SI cancellation). It was also shown that it is possible to secure communication using only noise generation by the legitimate receiver, though a variation of the packet loss rate (PLR) and the bit error rate (BER) gaps is observed when moving from the fairest to an advantageous or a disadvantageous scenario. Finally, when noise generation was combined with the adapted scrambled coding for secrecy with a hidden key scheme, a noteworthy security improvement was observed resulting in an increased BER for Eve with minor interference to Bob.

Abstract