Measuring and Characterizing (mis)compliance of the Android permission system

Date

2023-06-02

ORCID

0009-0002-9026-4140

Type

Thesis

Degree Level

Masters

Abstract

Within the Android mobile operating system, Android permissions act as a system of safeguards designed to restrict access to potentially sensitive data and privileged components. Multiple research studies indicate flaws and limitations of the Android permission system, prompting Google to implement a more regulated and fine-grained permission model. In spite of its newly introduced complexity, misgranted permissions continue to present a significant risk to users. We present research on theoretical and practical misuse of permissions using our methodology that leverages unified permissions and call mappings. To guide the automated evaluation of permission use and compliance in Android apps, we develop PChecker, a tool that reports permissions requested by and granted to Android devices. We evaluate four versions of the Android Open Source Project code (major versions 10-13) and shed light on the prevalence of discrepancies between the official Android guidelines for permissions and their implementation in the Android platform source code. We use PChecker to analyze the permission use of 3,681 Android apps, showing the common prevalence and occasional severity of non-compliance in real-world scenarios.

Keywords

Android, documentation, applications, permissions, non-SDK restriction lists, security

Degree

Master of Science (M.Sc.)

Department

Computer Science

Program

Computer Science
