Dr. Android and Mr. Hide: Fine-grained permissions in Android applications

Jinseong Jeon, Kristopher K. Micinski, Jeffrey A. Vaughan, Ari Fogel, Nikhilesh Reddy, Jeffrey S. Foster, Todd Millstein

Research output: Chapter in Book/Entry/Poem (Conference contribution)

169 Scopus citations

Abstract

Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.

Original language: English (US)
Title of host publication: SPSM'12 - Proceedings of the Workshop on Security and Privacy in Smartphones and Mobile Devices
Pages: 3-14
Number of pages: 12
State: Published - 2012
Externally published: Yes
Event: 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2012 - Raleigh, NC, United States
Duration: Oct 19 2012 to Oct 19 2012

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2012
Country/Territory: United States
City: Raleigh, NC
Period: 10/19/12 to 10/19/12

Keywords

  • Android
  • Binary transformation
  • Fine-grained permissions

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
