English
Related papers

Related papers: Tricking Johnny into Granting Web Permissions

200 papers

In this work, we perform a comprehensive analysis of the security of text input fields in web browsers. We find that browsers' coarse-grained permission model violates two security design principles: least privilege and complete mediation.…

Cryptography and Security · Computer Science 2023-09-01 Asmit Nayak , Rishabh Khandelwal , Kassem Fawaz

Smartphones hold important private information, yet users routinely expose this information to questionable applications written by developers they know nothing about. Users may be tempted to think of smartphones as old-style dumb phones,…

Cryptography and Security · Computer Science 2019-06-28 Amer Chamseddine , George Candea

Large Language Models (LLMs) have enabled agents to move beyond conversation toward end-to-end task execution and become more helpful. However, this helpfulness introduces new security risks stem less from direct interface abuse than from…

Cryptography and Security · Computer Science 2026-01-19 Fengchao Chen , Tingmin Wu , Van Nguyen , Carsten Rudolph

Prefetching web pages is a well-studied solution to reduce network latency by predicting users' future actions based on their past behaviors. However, such techniques are largely unexplored on mobile platforms. Today's privacy regulations…

Software Engineering · Computer Science 2021-03-25 Yixue Zhao , Siwei Yin , Adriana Sejfia , Marcelo Schmitt Laser , Haoyu Wang , Nenad Medvidovic

While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with…

Human-Computer Interaction · Computer Science 2023-02-01 Mohammad Tahaei , Ruba Abu-Salma , Awais Rashid

While many students now interact with web apps across a variety of smart devices, the vast majority of our Nifty Assignments still present traditional user interfaces such as console input/output and desktop GUI. In this tutorial session,…

Computers and Society · Computer Science 2020-11-16 Kevin Lin , Sumant Guha , Joe Spaniac , Andy Zheng

Modern web browsers are incredibly complex, with millions of lines of code and over one thousand JavaScript functions and properties available to website authors. This work investigates how these browser features are used on the modern,…

Networking and Internet Architecture · Computer Science 2016-05-23 Peter Snyder , Lara Ansari , Cynthia Taylor , Chris Kanich

Online tracking remains problematic, with compliance and ethical issues persisting despite regulatory efforts. Consent interfaces, the visible manifestation of this industry, have seen significant attention over the years. We present robust…

Computers and Society · Computer Science 2025-03-26 Midas Nouwens , Janus Bager Kristensen , Kristjan Maalt , Rolf Bagge

Deceptive patterns are often used in interface design to manipulate users into taking actions they would not otherwise take, such as consenting to excessive data collection. We present Trickery, a narrative serious game that incorporates…

Human-Computer Interaction · Computer Science 2024-10-25 Kirill Kronhardt , Kevin Rolfes , Jens Gerken

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…

Cryptography and Security · Computer Science 2013-03-21 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents.…

Cryptography and Security · Computer Science 2018-07-04 M. S. Jalali

There is a conflict between the need for security compliance by users and the fact that commonly they cannot afford to dedicate much of their time and energy to that security. A balanced level of user engagement in security is difficult to…

Computers and Society · Computer Science 2022-09-07 Martin Ruskov , Paul Ekblom , M. Angela Sasse

Part of what makes the web successful is that anyone can publish content and browsers maintain certain safety guarantees. For example, it's safe to travel between links and make other trust decisions on the web because users can always…

Human-Computer Interaction · Computer Science 2020-11-10 Diane Hosfelt , Jessica Outlaw , Tyesha Snow , Sara Carbonneau

The age of technology has created a huge market for smartphones and Apps usage and a new generation has been created based on knowledge sharing. Now knowledge has been made easily accessible by Apps but; are users even aware of the…

Computers and Society · Computer Science 2018-04-19 Akosua Boakyewaa Teye , Ezer Osei Yeboah-Boateng

Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users…

Human-Computer Interaction · Computer Science 2019-07-24 Sam Scholefield , Lynsay A. Shepherd

Websites are capable of learning a wide range of information about the platform on which a browser is executing. One major source of such information is the set of standardised Application Programming Interfaces (APIs) provided within the…

Cryptography and Security · Computer Science 2019-10-17 Zhaoyi Fan

In modernity, we continually receive increasingly intricate technologies that allow us to increase our lives convenience and efficiency. Our technology, particularly technology available over the internet, is advancing at unprecedented…

Cryptography and Security · Computer Science 2023-11-29 Sean Loesch , Ryan Hrastich , Jordan Herbert , Ben Drangstveit , Jacob Weber , Mounika Vanamala

Android's permission system is designed to balance usability with informed consent, yet two legacy mechanisms still undermine that balance in Android 16: (i) permission groups that silently auto-grant new permissions within a group after a…

Cryptography and Security · Computer Science 2026-05-28 Olawale Amos Akanji , Manuel Egele , Gianluca Stringhini

Reinforcement learning (RL) agents improve through trial-and-error, but when reward is sparse and the agent cannot discover successful action sequences, learning stagnates. This has been a notable problem in training deep RL agents to…

Artificial Intelligence · Computer Science 2018-02-27 Evan Zheran Liu , Kelvin Guu , Panupong Pasupat , Tianlin Shi , Percy Liang

Web-use agents are rapidly being deployed to automate complex web tasks with extensive browser capabilities. However, these capabilities create a critical and previously unexplored attack surface. This paper demonstrates how attackers can…

Cryptography and Security · Computer Science 2025-10-22 Avishag Shapira , Parth Atulbhai Gandhi , Edan Habler , Asaf Shabtai