Curbing Android Permission Creep
نویسندگان
چکیده
The Android platform has about 130 application level permissions that govern access to resources. The determination of which permissions to request is left solely to the application developer. Users are prompted to approve all application permissions at install time, and permissions are silently enforced at execution time. Although many applications make use of a wide range of permissions, we have observed that some applications request permissions that are not required for the application to execute, and that existing developer APIs make it difficult for developers to align their permission requests with application functionality. In this paper we describe a tool we developed to assist developers in utilizing least privilege.
منابع مشابه
A Longitudinal Study of App Permission Usage across the Google Play Store
Although there are over 1,600,000 third-party Android apps in the Google Play Store, little has been conclusively shown about how their individual (and collective) permission usage has evolved over time. Recently, Android 6 overhauled the way permissions are granted by users, by switching to run-time permission requests instead of install-time permission requests. This is a welcome change, but ...
متن کاملAndroid Multi-Level System Permission Management Approach
With the expansion of the market share occupied by the Android platform, security issues (especially application security) have become attention focus of researchers. In fact, the existing methods lack the capabilities to manage application permissions without root privilege. This study proposes a dynamic management mechanism of Android application permissions based on security policies. The pa...
متن کاملPScout : Analyzing the Android Permission Specification by Kathy Wain Yee Au
PScout: Analyzing the Android Permission Specification Kathy Wain Yee Au Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2012 Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the security mechanisms these systems use is permission system. We perform an analy...
متن کاملPermission based Android security: Issues and countermeasures
Android security has been a hot spot recently in both academic research and public concerns due to numerous instances of security attacks and privacy leakage on Android platform. Android security has been built upon a permission based mechanism which restricts accesses of third-party Android applications to critical resources on an Android device. Such permission based mechanism is widely criti...
متن کاملAppGuard — Real-time policy en- forcement for third-party applications
Android has become the most popular operating system for mobile devices, which makes it a prominent target for malicious software. The security concept of Android is based on app isolation and access control for critical system resources. However, users can only review and accept permission requests at install time, or else they cannot install an app at all. Android neither supports permission ...
متن کامل