Android permissions demystified

Felt, Adrienne Porter; Chin, Erika; Hanna, Steve; Song, Dawn; Wagner, David

doi:10.1145/2046707.2046779

Cited by 1,034 publications

(671 citation statements)

References 12 publications

Supporting

Mentioning

654

Contrasting

Unclassified

Order By: Relevance

“…Felt et al, in their Android Permissions Demystified work, attempt to further explain permissions to developers [5]. However, neither of these papers explore end-users understanding of permissions.…”

Section: Related Workmentioning

confidence: 99%

A Conundrum of Permissions: Installing Applications on an Android Smartphone

Kelley

Consolvo

Cranor

et al. 2012

Lecture Notes in Computer Science

268

163

View full text Add to dashboard Cite

Abstract. Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.

show abstract

Section: Related Workmentioning

confidence: 99%

A Conundrum of Permissions: Installing Applications on an Android Smartphone

Kelley

Consolvo

Cranor

et al. 2012

Lecture Notes in Computer Science

268

163

View full text Add to dashboard Cite

show abstract

“…They also built a tool called Stowaway that can detect whether a compiled Android app requests more permissions than necessary, i.e. overprivileged [18]. Among the apps they investigated, about one-third were actually overprivileged.…”

Section: Related Workmentioning

confidence: 99%

“…We randomly selected 50 popular apps from both the third party Android market, mumayi, and Google Play. We used the Stowaway [18] to detect unnecessary permissions in each app. Table 1 shows the statistics of the collected apps due to the overprivilege problem.…”

Section: Overprivilege Problemmentioning

confidence: 99%

Quantitative Security Risk Assessment of Android Permissions and Applications

Wang

Zheng

Sun

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissionsbased model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims to improve the efficiency of Android permission system. Two data sets with 27,274 benign apps from Google Play and 1,260 Android malware samples were used to evaluate the effectiveness of DroidRisk. The results demonstrate that DroidRisk can generate more reliable risk signal for warning the potential malicious activities compared with existing methods. We show that DroidRisk can also be used to alleviate the overprivilege problem and improve the user attention to the risks of Android permissions and apps.

show abstract

“…For an application to access other components of the system it must require, and be granted, the corresponding access permission. The sandbox mechanism is implemented at kernel level and relies on the correct application of a Mandatory Access Control policy which is enforced by a reference monitor using a user identifier (UID) [30] assigned to each installed application. Interaction among applications is achieved through Inter Process Communication (IPC) mechanisms [14].…”

Section: Introductionmentioning

confidence: 99%

Formal Analysis of Android's Permission-Based Security Model

Betarte¹,

Campo²,

Luna³

et al. 2016

SACS

View full text Add to dashboard Cite

In this work we present a comprehensive formal specification of an idealized formulation of Android's permission model. Permissions in Android are basically tags that developers declare in their applications, more precisely in the so-called application manifest, to gain access to sensitive resources. Several analyses have recently been carried out concerning the security of the Android system. Few of them, however, pay attention to the formal aspects of the permission enforcing framework. We provide a complete and uniform formulation of several security properties using the higher order logic of the Calculus of Inductive Constructions and sketch the proofs that have been developed and verified using the Coq proof assistant. We also analyze how the changes introduced in the latest version of Android, that allows to manage permissions at runtime, impact the presented model.

show abstract

Android permissions demystified

Cited by 1,034 publications

References 12 publications

A Conundrum of Permissions: Installing Applications on an Android Smartphone

A Conundrum of Permissions: Installing Applications on an Android Smartphone

Quantitative Security Risk Assessment of Android Permissions and Applications

Formal Analysis of Android's Permission-Based Security Model

Contact Info

Product

Resources

About