Short paper: rethinking permissions for mobile web apps: barriers and the road ahead

Chaitrali Amrutkar, Patrick Traynor
Published in: Security and Privacy in Smartphones and Mobile Devices, 2012-10-19
DOI: 10.1145/2381934.2381939 (https://doi.org/10.1145/2381934.2381939)
Citations: 6

Abstract

The distinction between mobile applications built for specific platforms and those that run in mobile browsers is increasingly being blurred. As HTML5 becomes universally deployed and mobile web apps directly take advantage of device features such as the camera, microphone and geolocation information, this difference will vanish almost entirely. In spite of this increasing similarity, the permission systems protecting mobile device resources for native and web apps are dramatically different. In this position paper, we argue that the increasing indistinguishability between such apps coupled with the dynamic nature of mobile web apps calls for reconsidering the current permission model for mobile web apps. We first discuss factors associated with securing mobile web apps in comparison to traditional apps. We then propose a mechanism that presents a holistic view of the permissions required by a web app and provides a simple, single-stop permission management process. We then briefly discuss issues surrounding the use and deployment of this technique. In so doing, we argue that in the absence of an in-cloud security model for mobile web apps, client-side defenses are limited. Our model can provide users with a better chance of making informed security decisions and may also aid researchers in assessing security of mobile web apps.