大规模用户隐私风险量化研究

Quantitative Research on Privacy Risk of Large-Scale Mobile Users

移动应用程序的日益繁多使得移动互联网服务提供商有机会收集到大规模的用户数据,然而其数据收集和使用的不规范使移动用户面临着极其严峻的隐私风险问题.如何分析用户隐私风险状况并进行隐私保护成为当前亟待解决的重要问题.基于移动应用程序的权限分析方法,提出一种用户隐私风险量化模型.该模型首先通过39个敏感权限识别移动应用程序内个人隐私数据收集状况,并以此为数据泄露源,考虑数据泄露的可能性及数据的隐私危害程度.然后,利用3000万移动设备上的移动应用程序数据,进一步构建隐私风险量化模型.最后,基于该模型分析单个用户的隐私风险值分布,并进一步研究各用户群体的隐私风险趋势,从而构建中国隐私风险指数体系,以区域隐私风险指数、人群隐私风险指数、行为隐私风险指数分别反映不同属性用户群体面临隐私风险的差异.

The increasing number of mobile applications have given mobile Internet service providers the opportunity to collect large amounts of user data. However, the unreasonable and abnormal collection and use of data have made mobile users face extremely serious privacy risk. How to analyze the status of user privacy risk and protect user privacy have become an urgent issue. Based on the permission analysis of mobile applications, this paper proposes a novel user privacy risk quantification model. This model first identifies the personal privacy-related data collection of mobile applications through 39 privacy permissions which are considered as leakage data source, then consider the possibility of data leakage and the privacy hazard degree of data. This model is further constructed with the assist of application usage data of 30 million mobile devices. Finally, the distribution of privacy risks of individual users is analyzed. Then through analyzing the average user privacy risk value of each user group, the China privacy risk index is formulated to reflect the differences in privacy risks among various user groups, including the regional privacy risk index, the population privacy risk index, and the behavioral privacy risk index.