Short paper: enhancing users' comprehension of android permissions

Authors:
Liu Yang;Nader Boushehrinejadmoradi;Pallab Roy;Vinod Ganapathy;Liviu Iftode
Affiliations:
Rutgers University, Piscataway, NJ, USA;Rutgers University, Piscataway, NJ, USA;Rutgers University, Piscataway, NJ, USA;Rutgers University, Piscataway, NJ, USA;Rutgers University, Piscataway, NJ, USA
Venue:
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Year:
2012

Citing 13
Cited 0

Doppelganger: Better browser privacy without the bother

Proceedings of the 13th ACM conference on Computer and communications security
SmartSiren: virus detection and alert for smartphones

Proceedings of the 5th international conference on Mobile systems, applications and services
Apex: extending Android permission model and enforcement with user-defined runtime constraints

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
The effectiveness of application permissions

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering

Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
MockDroid: trading privacy for application functionality on smartphones

Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Android permissions: user attention, comprehension, and behavior

Proceedings of the Eighth Symposium on Usable Privacy and Security
Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

Proceedings of the 2012 ACM Conference on Ubiquitous Computing
A conundrum of permissions: installing applications on an android smartphone

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Android adopts a permission-based model to protect user's data and system resources. An application needs to explicitly request user's approval of the required permissions at the installation time. The utility of the permission model depends critically on end users' ability to comprehend them. However, a recent study has shown that Android users have poor comprehension on permissions. In this paper, we propose to help Android users better understand application permissions through crowdsourcing. In our approach, collections of users of the same application use our tool to help each other on permission understanding by sharing their permission reviews. We demonstrate the feasibility of our approach by implementing a proof-of-concept of our design, which can provide meaningful clues to users on what purposes a permission serves in an application. Our case study shows that the tool can provide helpful information of permission usage. It also exposes the limitations of the current implementation, and the challenges need to be addressed in our next step.