Reducing Permission Requests in Mobile Apps

Peddinti, Sai Teja; Bilogrevic, Igor; Taft, Nina; Pelikán, Martin; Erlingsson, Úlfar; Anthonysamy, Pauline; Hogben, Giles

doi:10.1145/3355369.3355584

Cited by 20 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Standardisation is also an important factor in promoting accuracy and speed when interpreting privacy notices, highlighting the importance of their implementation at the platform level [20]. On smartphone platforms many of these findings have been adopted by app stores, including privacy labels and nudging developers to remove permissions not requested by functionally similar apps [24,37]. Some platforms also allow users to restrict the granting of permissions to when the app is foregrounded or grant one-time permissions which expire when the app is closed.…”

Section: Permissions and Privacy Labelsmentioning

confidence: 99%

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

Seymour

Coté

Such

2023

Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

Section: Permissions and Privacy Labelsmentioning

confidence: 99%

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

Seymour

Coté

Such

2023

Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…Providing permission to various private information would expose the private information of users to the advertisers, insurance companies [23], [24], and publicly expose personal data of the users without the user's consent [25], [26]. A large number of smartphones app also ask unnecessary permission that is not required for the functionality of the app, these apps might pose a serious threat to privacy and security of the users [27], [28]. Muhammad et al [29], [30] analyzed the security and privacy of smartphone apps designed for blocking the advertisement and providing mobile VPN clients.…”

Section: Related Workmentioning

confidence: 99%

A First Look at Privacy Analysis of COVID-19 Contact-Tracing Mobile Applications

Azad

Arshad

Akmal

et al. 2021

IEEE Internet Things J.

View full text Add to dashboard Cite

Today's smartphones are equipped with a large number of powerful value-added sensors and features such as a low power Bluetooth sensor, powerful embedded sensors such as the digital compass, accelerometer, GPS sensors, Wi-Fi capabilities, microphone, humidity sensors, health tracking sensors, and a camera, etc. These value-added sensors have revolutionized the lives of the human being in many ways such, as tracking the health of the patients and movement of doctors, tracking employees movement in large manufacturing units, and monitoring the environment, etc. These embedded sensors could also be used for large-scale personal, group, and community sensing applications especially tracing the spread of certain diseases. Governments and regulators are turning to use these features to trace the people thought to have symptoms of certain diseases or virus e.g. COVID-19. The outbreak of COVID-19 in December 2019, has seen a surge of the mobile applications for tracing, tracking and isolating the persons showing COVID-19 symptoms to limit the spread of disease to the larger community. The use of embedded sensors could disclose private information of the users thus potentially bring threat to the privacy and security of users. In this paper, we analyzed a large set of smartphone applications that have been designed to contain the spread of the COVID-19 virus and bring the people back to normal life. Specifically, we have analyzed what type of permission these smartphone apps require, whether these permissions are necessary for the track and trace, how data from the user devices is transported to the analytic center, and analyzing the security measures these apps have deployed to ensure the privacy and security of users.

show abstract

“…Previous work on Android's permission system has focused on the usage and abuse of AOSP permissions [86], [61], over-privileged apps [71], [67], [82], detecting vulnerabilities and weaknesses in the permission system [74], [66], [76], [85], [84], [65] and assessed the efficacy and transparency of Android's permission model to empower users [73], [72], [78], [90]. Multiple tools were also created to study AOSP permissions.…”

Section: Related Workmentioning

confidence: 99%

Mules and Permission Laundering in Android: Dissecting Custom Permissions in the Wild

Gamba

Feal

Blazquez

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Android implements a permission system to regulate apps' access to system resources and sensitive user data. One salient feature of this system is its extensibility: apps can define their own custom permissions to expose features and data to other apps. However, little is known about how widespread the usage of custom permissions is, and what is the impact that these permissions can have on users' privacy and security. In this paper, we empirically study the usage of custom permissions at large scale, using a dataset of 2.2M pre-installed and app-store-downloaded apps. We find the usage of custom permissions to be widespread, and seemingly growing over time. Despite this prevalence, we find that custom permissions are virtually invisible to end users, and their purpose mostly undocumented. This lack of transparency can lead to serious security and privacy problems: we show that custom permissions can facilitate access to permission-protected system resources to apps that lack those permissions without user awareness. To detect this practice, we design and implement two static analysis tools, and highlight multiple concerning cases spotted in the wild. We conclude this study with a discussion of potential solutions to mitigate the privacy and security risks of custom permissions.

show abstract

Reducing Permission Requests in Mobile Apps

Cited by 20 publications

References 16 publications

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

A First Look at Privacy Analysis of COVID-19 Contact-Tracing Mobile Applications

Mules and Permission Laundering in Android: Dissecting Custom Permissions in the Wild

Contact Info

Product

Resources

About