Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM 2012); pages 21-26; Raleigh, North Carolina; October 19, 2012.
Android adopts a permission-based model to protect users' data and system resources. An application needs to explicitly request the user's approval of the required permissions at installation time. The utility of the permission model depends critically on end users' ability to comprehend permissions. However, a recent study has shown that Android users have poor comprehension of permissions.
In this paper, we make an attempt to help Android phone users better understand application permissions. In particular, we build a tool which can provide meaningful clues to phone users about what purposes a permission serves in an application. To increase the permission coverage, we propose to use crowdsourcing, where users of the same application use our tool to help each other understand permissions by sharing their permission reviews. We demonstrate the feasibility of our approach by implementing a proof of concept of our design. Our case study shows that the tool can provide helpful information about permission usage. It also exposes the limitations of the current implementation and the challenges that need to be addressed in our next step.
Slides: [ Powerpoint ]
DOI: 10.1145/2381934.2381940