TY - GEN
T1 - Dr. Android and Mr. Hide
T2 - 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2012
AU - Jeon, Jinseong
AU - Micinski, Kristopher K.
AU - Vaughan, Jeffrey A.
AU - Fogel, Ari
AU - Reddy, Nikhilesh
AU - Foster, Jeffrey S.
AU - Millstein, Todd
N1 - Copyright: Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.
AB - Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by adding finer-grained permissions to Android. Underlying our framework is a taxonomy of four major groups of Android permissions, each of which admits some common strategies for deriving sub-permissions. We used these strategies to investigate fine-grained versions of five of the most common Android permissions, including access to the Internet, user contacts, and system settings. We then developed a suite of tools that allow these fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users on existing apps. We evaluated our tools on a set of top apps from Google Play, and found that fine-grained permissions are applicable to a wide variety of apps and that they can be retrofitted to increase security of existing apps without affecting functionality.
KW - Android
KW - Binary transformation
KW - Fine-grained permissions
UR - http://www.scopus.com/inward/record.url?scp=84869790502&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869790502&partnerID=8YFLogxK
U2 - 10.1145/2381934.2381938
DO - 10.1145/2381934.2381938
M3 - Conference contribution
AN - SCOPUS:84869790502
SN - 9781450316668
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 3
EP - 14
BT - SPSM'12 - Proceedings of the Workshop on Security and Privacy in Smartphones and Mobile Devices
Y2 - 19 October 2012 through 19 October 2012
ER -