Short paper: a look at smartphone permission models

Authors:
Kathy Wain Yee Au;Yi Fan Zhou;Zhen Huang;Phillipa Gill;David Lie
Affiliations:
University of Toronto, Toronto, ON, Canada;University of Toronto, Toronto, ON, Canada;University of Toronto, Toronto, ON, Canada;University of Toronto, Toronto, ON, Canada;University of Toronto, Toronto, ON, Canada
Venue:
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Year:
2011

Citing 9
Cited 8

Soot - a Java bytecode optimization framework

CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
On lightweight mobile phone application certification

Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
The effectiveness of application permissions

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Taming information-stealing smartphone applications (on Android)

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Permission re-delegation: attacks and defenses

SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security

Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Android permissions: a perspective combining risks and benefits

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Privilege separation in HTML5 applications

Security'12 Proceedings of the 21st USENIX conference on Security symposium
PScout: analyzing the Android permission specification

Proceedings of the 2012 ACM conference on Computer and communications security
Using probabilistic generative models for ranking risks of Android apps

Proceedings of the 2012 ACM conference on Computer and communications security
A conundrum of permissions: installing applications on an android smartphone

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Privacy as part of the app decision-making process

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Sleeping android: the danger of dormant permissions

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many smartphone operating systems implement strong sandboxing for 3rd party application software. As part of this sandboxing, they feature a permission system, which conveys to users what sensitive resources an application will access and allows users to grant or deny permission to access those resources. In this paper we survey the permission systems of several popular smartphone operating systems and taxonomize them by the amount of control they give users, the amount of information they convey to users and the level of interactivity they require from users. We discuss the problem of permission overdeclaration and devise a set of goals that security researchers should aim for, as well as propose directions through which we hope the research community can attain those goals.