Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Proceedings of the 17th ACM conference on Computer and communications security
The effectiveness of application permissions
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 18th ACM conference on Computer and communications security
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Android permissions: a perspective combining risks and benefits
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Privilege separation in HTML5 applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
PScout: analyzing the Android permission specification
Proceedings of the 2012 ACM conference on Computer and communications security
Using probabilistic generative models for ranking risks of Android apps
Proceedings of the 2012 ACM conference on Computer and communications security
A conundrum of permissions: installing applications on an android smartphone
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Privacy as part of the app decision-making process
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Sleeping android: the danger of dormant permissions
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Hi-index | 0.00 |
Many smartphone operating systems implement strong sandboxing for 3rd party application software. As part of this sandboxing, they feature a permission system, which conveys to users what sensitive resources an application will access and allows users to grant or deny permission to access those resources. In this paper we survey the permission systems of several popular smartphone operating systems and taxonomize them by the amount of control they give users, the amount of information they convey to users and the level of interactivity they require from users. We discuss the problem of permission overdeclaration and devise a set of goals that security researchers should aim for, as well as propose directions through which we hope the research community can attain those goals.