Security in personal devices such as mobile phones and tablets is a major concern because these devices often carry sensitive information. Device platforms (e.g., Android) implement "limit access" and "authorize" security tactics to protect privacy- and security-sensitive resources against misuse by an app. For instance, Android defines a set of 100+ permissions that guard resources such as phonebook data, network sockets and so on. However, due to poor understanding of these complex permissions, users inadvertently grant dangerous permissions to apps, which defeats the security tactics implemented. Thus, the security of a device is directly related to the capabilities granted to the intruder (the app, in this case). In this paper, we define a new quality attribute (QA) called Intrusiveness of an app, which characterizes the capabilities of an app to cause violation of personal and operational information of the user/device. We suggest a framework to compute "intrusiveness" on a given platform. Intrusiveness of an app is represented as a 4-tuple. This tuple characterizes the extent to which the permissions sought by an app could compromise information in 4 dimensions, viz. User, Device, Carrier and the External World. It helps the user to realize the nature of privacy-sensitive resources that (s)he is exposing to the app. The efficacy of our framework is demonstrated by examining the intrusiveness of the 814 most popular free apps on Android. The Intrusiveness QA could be used to compute potential violation of User Personal Privacy, User Locational Privacy and Device Integrity. Our analysis shows that 84% of apps examined are in a position to compromise User Personal Privacy, 96% can compromise Device Integrity and 92% can compromise Locational Privacy.