Codabux, ZadiaStakhanova, Natalia2024-02-1620242024-012024-01-17January 20https://hdl.handle.net/10388/15497The Android permission system is a set of control mechanisms to regulate access to sensitive data and device resources (e.g., camera, location). The rapid development and changes in Android permissions, along with insufficient documentation, create numerous issues for third-party developers, which causes misuse of the permissions. To reduce the misuse of Android permissions and help the developers build secured apps, it is very crucial to find out the challenges related to Android permissions faced by developers and explore the potential resources to help the developers resolve those challenges. Our study aims to investigate developers’ challenges and corresponding solutions for Android permissions and evaluate the role of Large Language Models (e.g., ChatGPT) in addressing these challenges. To find the Android permission-related challenges, we performed qualitative and quantitative analyses of 3,327 questions and 3,271 answers about Android permissions from Stack Overflow. Then, we selected a sub-set of 1,008 question-accepted answer pairs from the above dataset to analyze the role of Large Language Models (e.g., ChatGPT) in addressing these challenges. The findings revealed a predominant number of questions on non-evolving SDK permissions (SDK permissions that are formally recognized and explicitly explained in the official documentation), consistent across multiple Android versions, underscoring the documentation deficit. We categorized the challenges faced by developers into key areas: Documentation-Related, Problems with Dependencies, Debugging, Conceptual Understanding, and Implementation Issues, further breaking them down into 12 subcategories, nine sub-subcategories, and nine sub-sub-subcategories. We found that despite Debugging being the most common question, its solutions are least provided, while Implementation-related solutions comprise 54.96% of the answers. The analysis revealed that developers hardly mention the restriction type or protection level of permissions. When they mention restriction type or protection level, it frequently conflicts with Google’s official documentation. Lastly, We found that for 53.26% of cases, ChatGPT’s responses align with Stack Overflow’s accepted answer. Our study highlights a critical need for unambiguous and reliable documentation to direct the appropriate use of permissions, thereby minimizing developer confusion and the consequent improper application of Android permissions. The findings provide valuable insights that could shape strategies and guidelines addressing permission-related challenges. Our study also highlights the viability of using Large Language Models like ChatGPT as a potential resource for helping developers with issues related to Android permissions.application/pdfenAndroid PermissionsStack OverflowLarge Language Models, ChatGPTThesis2024-02-16