Shuaishuai Liu

PhD student

sliu (at) crysys.hu

office: I.E. 429
tel: +36 1 463 2063

Current courses | Publications

Short Bio

Liu Shuaishuai obtained his BSc degree in computer science from Beijing Technology and Business University(BTBU) in 2017 and MSc degree from Budapest University of Technology and Economics(BME). Now he is in Laboratory of Cryptography and System Security (CrySyS) under the supervision of Prof. Gergely Biczok. His main research interests are Cybersecurity and Data Privacy.

Current Courses

Cybersecurity Operations Fundamentals (VIHIAV43)

This is an elective lab exercise course where students learn the basics of security operations.

Publications

2021

Interdependent privacy issues are pervasive among third-party applications

S. Liu and B. Herendi and G. Biczók

16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021), 2021.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Shuaishuai Liu and B. Herendi and Gergely Biczók},
   title = {Interdependent privacy issues are pervasive among third-party applications},
   booktitle = {16th International Workshop on Data Privacy Management (DPM, co-located with ESORICS 2021)},
   year = {2021},
   howpublished = "\url{https://link.springer.com/chapter/10.1007/978-3-030-93944-1_5}"
}

Keywords

interdependent privacy, third-party apps, permissions, Android, browser extensions, Google Workspace, risk signal

Abstract

Third-party applications are popular: they improve and ex- tend the features offered by their respective platforms, whether being mobile OS, browsers or cloud-based tools. Although some privacy con- cerns regarding these apps have been studied in detail, the phenomenon of interdependent privacy, when a user shares others’ data with an app without their knowledge and consent. Through careful analysis of per- mission models and multiple platform-specific datasets, we show that interdependent privacy risks are enabled by certain permissions in all platforms studied, and actual apps request these permissions instantiat- ing these risks. We also identify potential risk signals, and discuss solu- tions which could improve transparency and control for users, developers and platform owners.