Related papers: Tricking Johnny into Granting Web Permissions
A cyber security problem in a networked system formulated as a resilient graph problem based on a game-theoretic approach is considered. The connectivity of the underlying graph of the network system is reduced by an attacker who removes…
Conforming to W3C specifications, mobile web browsers allow JavaScript code in a web page to access motion and orientation sensor data without the user's permission. The associated risks to user security and privacy are however not…
As LLMs are increasingly integrated into systems that browse, retrieve, summarize, and act on web content, webpages have become an untrusted input vector for downstream model behavior. This enables site owners, contributors, and adversaries…
Desktop browser extensions have long allowed users to improve their experience online and tackle widespread harms on websites. So far, no equivalent solution exists for mobile apps, despite the fact that individuals now spend significantly…
In mobile applications, Pop-up window (PoW) plays a crucial role in improving user experience, guiding user actions, and delivering key information. Unfortunately, the excessive use of PoWs severely degrades the user experience. These PoWs…
Mobile gaming applications (apps) have become increasingly pervasive, including a growing number of games designed for children. Despite their popularity, these apps often integrate complex analytics, advertising, and attribution…
Although there are over 1,600,000 third-party Android apps in the Google Play Store, little has been conclusively shown about how their individual (and collective) permission usage has evolved over time. Recently, Android 6 overhauled the…
The proper use of Android app permissions is crucial to the success and security of these apps. Users must agree to permission requests when installing or running their apps. Despite official Android platform documentation on proper…
With the requirements and emphases on privacy transparency placed by regulations such as GDPR and CCPA, the Google Play Store requires Android developers to more responsibly communicate their apps' privacy practices to potential users by…
Web browsers are integral parts of everyone's daily life. They are commonly used for security-critical and privacy sensitive tasks, like banking transactions and checking medical records. Unfortunately, modern web browsers are too complex…
Recently, online video chat services are becoming increasingly popular. While experiencing tremendous growth, online video chat services have also become yet another spamming target. Unlike spam propagated via traditional medium like emails…
Web servers service client requests, some of which might cause the web server to perform security-sensitive operations (e.g. money transfer, voting). An attacker may thus forge or maliciously manipulate such requests by compromising a web…
Opportunistic networking is one way to realize pervasive applications while placing little demand on network infrastructure, especially for operating in less well connected environments. In contrast to the ubiquitous network access model…
The usage of quick response (QR) codes was limited in the pre-era of the COVID-19 pandemic. Due to the widespread and frequent application since then, this opened up an attractive phishing opportunity for malicious actors. They trick users…
Like many desktop operating systems in the 1990s, Android is now in the process of including support for multi-user scenarios. Because these scenarios introduce new threats to the system, we should have an understanding of how well the…
This paper presents a user study (N=22) where participants used an interface combining Web Search and a Generative AI-Chat feature to solve health-related information tasks. We study how people behaved with the interface, why they behaved…
Browser-use agents are widely used for everyday tasks. They enable automated interaction with web pages through structured DOM based interfaces or vision language models operating on page screenshots. However, web pages often change between…
The industry for children's apps is thriving at the cost of children's privacy: these apps routinely disclose children's data to multiple data trackers and ad networks. As children spend increasing time online, such exposure accumulates to…
In spite of efforts to increase participation, many online groups struggle to survive past the initial days, as members leave and activity atrophies. We argue that a main assumption of online group design -- that groups ask nothing of their…
A website browser cookie is a small file created by a web server upon visitation, which is placed in the user's browser directory to enhance the user's experience. However, first and third-party cookies have become a significant threat to…