User Interactions and Permission Use on Android
ثبت نشده
چکیده
Android and other mobile operating systems ask users for au thorization before allowing apps to access sensitive resources such as contacts and location. We hypothesize that such au thorization systems could be improved by becoming more integrated with the app’s user interface. In this paper, we conduct two studies to test our hypothesis. First, we use AppTracer, a dynamic analysis tool we developed, to measure to what extent user interactions and sensitive resource use are re lated in existing apps. Second, we conduct an online survey to examine how different interactions with the UI affect users’ ex pectations about whether an app accesses sensitive resources. The results of our studies suggest that user interactions such as button clicks can be interpreted as authorization, reducing the need for separate requests; but that accesses not directly tied to user interactions should be separately authorized, possibly when apps are first launched. ACM Classification
منابع مشابه
A Contextually-Aware, Privacy-Preserving Android Permission Model
Smartphones contain a large amount of highly personal data, much of it accessible to third-party applications. Much of this information is safeguarded by a permission model, which regulates access to this information. This work primarily focuses on improving the Android permission model, which is known to have notoriously large amounts of sensitive data leakage, but many of its findings can be ...
متن کاملAndroid fine-grained permission control system with real-time expert recommendations
In current Android architecture design, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to prevent unnecessary privacy breach. However, inexperienced users may not be able to decide correctly. To assist inexperienced users to make a right permission granting decisions, we propose RecDroid. RecDroid is a crowdsourcing recommendation framework that...
متن کاملEnhancing Android Security through App Splitting
The Android operating system provides a rich security model that specifies over 100 distinct permissions. Before performing a sensitive operation, an app must obtain the corresponding permission through a request to the user. Unfortunately, an app is treated as an opaque, monolithic security principal, which is granted or denied permission as a whole. This blunts the effectiveness of the permis...
متن کاملAndroid Permission Model
The recent evolution on the smart phone technology has made its application market huge and less secure. Every single day large number of apps introduced in the android market (mostly on google play store) without any particular inspections which creates a lot of security issues and they remain unresolved. There are a lot of recent and increasing security issues which are mostly caused by the a...
متن کاملریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کامل