Jinseong Jeon, Kristopher K. Micinski, J. A. Vaughan, Ari Fogel, N. Reddy, J. Foster, T. Millstein
{"title":"Dr. Android and Mr. Hide: fine-grained permissions in android applications","authors":"Jinseong Jeon, Kristopher K. Micinski, J. A. Vaughan, Ari Fogel, N. Reddy, J. Foster, T. Millstein","doi":"10.1145/2381934.2381938","DOIUrl":null,"url":null,"abstract":"Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.","PeriodicalId":213305,"journal":{"name":"Security and Privacy in Smartphones and Mobile Devices","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"271","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Security and Privacy in Smartphones and Mobile Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2381934.2381938","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 271
Abstract
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
