Data and Documentation
Open Data Policy
FAQ
EN
DE
FR
Suchbegriff
Advanced search
Publication
Back to overview
Tricking Johnny into Granting Web Permissions
Type of publication
Peer-reviewed
Publikationsform
Proceedings (peer-reviewed)
Author
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar,
Project
Agile Software Assistance
Show all
Proceedings (peer-reviewed)
Page(s)
276 - 281
ISBN
9781450377317
Title of proceedings
Proceedings of the Evaluation and Assessment in Software Engineering
DOI
10.1145/3383219.3383248
Open Access
URL
http://scg.unibe.ch/archive/papers/Hazh20b.pdf
Type of Open Access
Repository (Green Open Access)
Abstract
We studied the web permission API dialog box in popular mobile and desktop browsers, and found that it typically lacks measures to protect users from unwittingly granting web permission when clicking too fast. We developed a game that exploits this issue, and tricks users into granting webcam permission. We conducted three experiments, each with 40 different participants, on both desktop and mobile browsers. The results indicate that in the absence of a prevention mechanism, we achieve a considerably high success rate in tricking 95\% and 72\% of participants on mobile and desktop browsers, respectively. Interestingly, we also tricked 47\% of participants on a desktop browser where a prevention mechanism exists.
-