Measuring and Characterizing (mis)compliance of the Android permission system
Date
2023-06-02
ORCID
0009-0002-9026-4140
Type
Thesis
Degree Level
Masters
Abstract
Within the Android mobile operating system, Android permissions act as a system of safeguards designed to restrict access to potentially sensitive data and privileged components. Multiple research studies indicate flaws and limitations of the Android permission system, prompting Google to implement a more regulated and fine-grained permission model. In spite of its newly introduced complexity, misgranted permissions continue to present a significant risk to users.
We present research on theoretical and practical misuse of permissions using our methodology that leverages unified permissions and call mappings. To guide the automated evaluation of permission use and compliance in Android apps, we develop PChecker, a tool that reports permissions requested by and granted to Android devices.
We evaluate four versions of the Android Open Source Project code (major versions 10–13) and shed light on the prevalence of discrepancies between the official Android guidelines for permissions and their implementation in the Android platform source code. We use PChecker to analyze the permission use of 3,681 Android apps, showing the common prevalence and occasional severity of non-compliance in real-world scenarios.
Keywords
Android, documentation, applications, permissions, non-SDK restriction lists, security
Degree
Master of Science (M.Sc.)
Department
Computer Science
Program
Computer Science