Android Permissions Management at App Installing (original) (raw)
Related papers
Privacy issues of android application permissions: A literature review
Transactions on Emerging Telecommunications Technologies, 2019
Android is an application platform for mobile devices. It comprises of the operating system, software framework, and core programs. This platform uses permissions to hide precious information about the user from untrusted apps. However, to install an application, device feature uses permissions that are granted by the user. User has the ability to analyze permissions and abort the setup if the permissions are unfriendly or unrestrained. Android permission analysis schemes show a significant role to fight against these undesirable behaviors of untrusted android apps in the aspect of security and privacy. This survey attempts to deal with the android application permissions that are related security and privacy challenges. It includes various research articles published in computers and security, digital investigation, decision support systems, systems and software security, and information forensics journals in the last 10 years. The survey is based on the following considerations: research issues motivated by the scheme, the methodology used, ability of result analysis conducted, and android features considered for performance evaluation.
Analysis of Android Applications' Permissions
2012 IEEE Sixth International Conference on Software Security and Reliability Companion, 2012
We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.
Permission-based Privacy Analysis for Android Applications
While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app's safety mostly relies on the features like rating and popularity, rather than in understanding context of listed permissions. In this paper we investigate the relationship between the features collected from Android Market API 23 (such as Popularity, Total Number of Permissions, Number of Dangerous Permissions, Rating and Package Size) to app's privacy violation. To show the influence of each feature we use linear regression and R squared statistics. The conducted research can contribute to the classification of mobile applications with regards to the threat on user's privacy.
A Comprehensive Analysis of the Android Permissions System
IEEE Access, 2020
Android is one of the most essential and highly used operating systems. Android permissions system is a core security component that offers an access-control mechanism to protect system resources and users' privacy. As such, it has experienced continuous change over each Android release. However, previous research on the permissions system has employed static analysis techniques. Furthermore, most of these studies are outdated, covering older versions of Android. This paper aims to discuss the permissions system intensively to provide a nutshell overview of the Android platform's access-control mechanism. The paper presents a comprehensive analysis of the Android permissions system since it was introduced in 2008 until now, accompanied by a formal model of its components. The results of the analysis reveal a continuous growth in the number of permissions since the original release-a growth of seven times in some permission categories. A case study has been conducted for the last five years' versions of the top Android apps to examine the permissions system's evolution and its attendant security issues from the applications' perspective. Some apps showed an increase in permissions usage of 73.33% by the 2020 release. Additionally, the results of the case study contribute to the understanding of permissions deployment by both vendors and developers. Finally, a discussion of the permission-based security enhancements discloses that the Android permissions system faces various security issues. In general, this paper provides researchers and academics an up-to-date, comprehensive, self-contained reference study of the Android permissions system.
User Centric Android Application Permission Manager
2021
Mobile malware has become a very hot research topic in the last few years, and this was due to the widespread usage of mobile devices all over the world. Like other systems, mobile devices are prune to different attacks that might invade user's privacy and lead to private data leakage. Millions of Mobile application have been developed and used Worldwide, most of them are requiring permissions to work properly. The permission management problem is more apparent on Android systems rather than other mobile systems such as iOS. Some of these permissions might lead to successful security attacks on Android systems and hence lead to privacy leakage. To reduce the possibility of such attacks, many researchers have proposed mobile applications that help users to manage access permissions for their mobile applications. Most of the proposed systems lack the ability to profile users according to their preferences and do not provide automatic follow up with temporary granted permissions. In this research, we propose a User Centric Android Application Permission Manager tool called (UCAAPM), that provides an efficient and flexible way for managing permissions and profiling these permissions for each user, these profiles can be used on any Android device. UCAAPM will automatically follow up users permissions and grant/deny the permission on a scheduling basis defined by the user's profile and according to his preferences. Experimental results showed that the tool works efficiently in terms of CPU, RAM, and power consumption, furthermore users are highly satisfied with using it.
2016
Being one of the major operating system in smartphone industry, security in Android is paramount importance to end users. Android applications are published through Google Play Store which is an official marketplace for Android. If we have to define the current security policy implemented by Google Play Store for publishing Android applications in one sentence then we can write it as "all are suspect but innocent until proven guilty." It means an application does not have to go through rigorous security review to be accepted for publication. It is assumed that all the applications are benign which does not mean it will remain so in future. If any application is found doing suspicious activities then the application will be categorized as malicious and it will be removed from the Play Store. Though filtering of malicious applications is performed at Play Store, some malicious applications escape the filtering process. Thus, it becomes necessary to take strong security measures at other levels. Security in Android can be enforced at system and application levels. At system level Android uses sandboxing technique while at application level it uses permission. In this paper, we analyze the permission-based security implemented in Android through three different perspectives-policy expert, developer, and end user.
Modeling and enhancing Android’s permission system
2012
Several works have recently shown that Android's security architecture cannot prevent many undesired behaviors that compromise the integrity of applications and the privacy of their data. This paper makes two main contributions to the body of research on Android security: first, it develops a formal framework for analyzing Android-style security mechanisms; and, second, it describes the design and implementation of Sorbet, an enforcement system that enables developers to use permissions to specify secrecy and integrity policies.
Proceedings of the 17th ACM symposium on Access Control Models and Technologies, 2012
The phenomenal growth of the Android platform in the past few years has made it a lucrative target of malicious application (app) developers. There are numerous instances of malware apps that send premium rate SMS messages, track users' private data, or apps that, even if not characterized as malware, conduct questionable actions affecting the user's privacy or costing them money. In this paper, we investigate the feasibility of using both the permissions an app requests, the category of the app, and what permissions are requested by other apps in the same category to better inform users whether the risks of installing an app is commensurate with its expected benefit. Existing approaches consider only the risks of the permissions requested by an app and ignore both the benefits and what permissions are requested by other apps, thus having a limited effect. We propose several risk signals that and evaluate them using two datasets, one consists of 158,062 Android apps from the Android Market, and another consists of 121 malicious apps. We demonstrate the effectiveness of our proposal through extensive data analysis.
Android Apps Management System to Ensure Mobile Security
It is certain that the future of the network will be the mobile utter. Google's Android platform is a widely forecast open source operating system for mobile phones. This article is about Android's security model and seeks to reveal the complexity of secure application development, identifying lessons and opportunities for future enhancements. This article provides a secure way to download an application and managing access permission for using the Android mobile phone. Following article shows how to download an application without virus or secure user android in a convenient way. This application provides user to manage the access permissions both automatically and manually. The user can access permissions when the user installs an application or user can manually go to settings and update the permissions. Thus, we provide a permission system through which uses android devices can propose abstract authorization rules, provide highlevel rules and learn user privacy preferences. Therefore, concepts and approaches towards effective privacy management for mobile platforms are reviewed.
An Investigation into Android Run-time Permissions from the End Users' Perspective
To protect the privacy of end users from intended or unintended malicious behaviour, the Android operating system provides a permissions-based security model that restricts access to privacyrelevant parts of the platform. Starting with Android 6, the permission system has been revamped, moving to a run-time model. Users are now prompted for confirmation when an app attempts to access a restricted part of the platform.