Total views : 208

Granular Per(M)issions: Questions Unanswered

Affiliations

  • Department of Computer Science, Himachal Pradesh University, Himachal Pradesh, India

Abstract


Objectives: In android users do not understand the permissions structure and how apps utilize these permissions. Methods/Statistical Analysis: Study of App Ops system in android and finding out ways to check what permission android apps are using and also to check and derive various algorithms to see what levels of access can be granted to permissions. Also to see if an application can be developed so that the user could know what permissions app is using and whether they are required or not? Findings: After proposing four algorithms and trying to classify the level of protection access to permissions we have found that this classification yields desired results. The client can know what permissions are being requested by which apps and can therefore be enlightened to its hazards and security risks. Also although this approach is similar to what Google has done with the Marshmallow version howsoever it suffers from shortcomings and is not yet, a complete solution. Thus, our results will only substantiate and help in the creation of a more robust and secure android version. Whether this much power should be given to the naïve user, however is a question that needs some thought. Application/Improvements: Our algorithms can be applied to newer versions of android to make it more secure and ensure user privacy.

Keywords

Algorithms, Android, Granular, Permissions, Privacy, Security.

Full Text:

 |  (PDF views: 164)

References


  • Digitimes Research. Global Smartphone shipments to reach 1.401 billion units. http://www:digitimes:com/news/a20150319PD213:html. Date Accessed: 19/03/2015.
  • Android and iOS Squeeze the Competition, Swelling to 96.3% of the Smartphone Operating System Market for Both 4Q14 and CY14, According to IDC. http://www.idc.com/getdoc.jsp?containerId=prUS25450615. Date accessed: 24/02/2015.
  • Statistics and facts about mobile app usage. http://www.statista.com/topics/1002/mobile-app-usage/. Date accessed: 22/01/2016.
  • Android Authority. Google Play Store vs the Apple App Store: by the numbers April 2015. http://www.androidauthority.com/google-play-store-vs-the-apple-app-store-601836/. Date accessed: 20/04/2015.
  • Yahoo Tech. Report: 1 in 5 Android Apps Is Malware.https://www.yahoo.com/tech/report-one-in-five-android-apps-is-malware-117202610899.html. Date accessed: 24/04/2015.
  • Inside Android 4.2's Powerful New Security System. http://www.computerworld.com/article/2473570/android/exclusive--inside-android-4-2-s-powerful-new-security-system.html. Date accessed: 1/11/2012.
  • An Evaluation of the Application ("App") Verification Service in Android 4.2. https://www.csc.ncsu.edu/faculty/jiang/appverify/. Date accessed: 10/12/2012.
  • Felt AP, Chin E, Hanna S, Song D, Wagner D. Android Permissions Demystified. In Proceedings of the 18th ACM conference on Computer and communications security, 2011, 627-638.
  • Mylonas A, Kastania A, Gritzalis D. Delegate the smartphone user? Security awareness in smartphone platforms. Computers and Security. 2013 May; 34:47-66.
  • Mylonas A, Gritzalis D, Tsoumas B, Apostolopoulos T. A Qualitative Metrics Vector for the Awareness of Smartphone Security Users. In: Trust, Privacy, and Security in Digital Business. 2013 Aug, 173-184.
  • Kelley PG, Consolvo S, Cranor LF, Jung J, Sadeh N, Wetherall D. A Conundrum of Permissions: Installing Applications on an Android Smartphone. FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security. 2012 Mar, 68-79.
  • Felt AP, Ha E, Egelman S, Haney A, Chin E, Wagner D. Android Permissions: User Attention, Comprehension, and Behaviour. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, ACM. 2012 Jul, 1-14.
  • Benton K, Camp LJ, Garg V. Studying the E_ effectiveness of Android Application Permissions Requests. In: Pervasive Computing and Communications Workshops (PERCOM Workshops), IEEE International Conference on San Diego, CA, IEEE. 2013 Mar; 291-296.
  • Android Central. Using App Permissions in Android M. http://www.androidcentral.com/using-app-permissions-android-m. Date Accessed: 14/06/2015.
  • Wang W, Wang X, Feng D, Liu J, Han Z, Zhang XL. Exploring Permission-induced Risk in Android Applications for Malicious Application Detection. IEEE Transactions on Information Forensics and Security. 2014 Nov; 9(11):1869-1882.
  • Solove DJ. Conceptualizing Privacy. California Law Review. 2002 Jul, 90(4):1-71.
  • Warren SD, Brandeis LD. The Right to Privacy. Harvard Law Review. 1890; 4(5):193-220.
  • Hoepman JH, Lieshout MV. Privacy ER. Leukfeldt, W Ph Stol (Eds). Cyber Safety: An Introduction, Eleven International Publishing, The Hague, 2012, 75-87.
  • Mylonas A, Theoharidou M, Gritzalis D. Assessing Privacy Risks in Android: A User-Centric Approach, In: Risk Assessment and Risk-Driven Testing. 2013 Nov, 21-37.
  • Android Police. Android M Will Never Ask Users For Permission to use the Internet, and that's Probably Okay. http://www.androidpolice.com/2015/06/06/android-m-will-never-ask-users-for-permission-to-use-the-internet-and-thats-probably-okay/.Date Accessed: 06/06/2015.
  • Android M Developer Preview - Permissions. http://android-developers.blogspot.in/2015/05/android-m-developer-preview-tools.html. Date Accessed: 28/05/2015.

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.