TY - GEN
T1 - User interactions and permission use on Android
AU - Micinski, Kristopher
AU - Votipka, Daniel
AU - Stevens, Rock
AU - Kofinas, Nikolaos
AU - Mazurek, Michelle L.
AU - Foster, Jeffrey S.
N1 - Publisher Copyright: © 2017 ACM.
PY - 2017/5/2
Y1 - 2017/5/2
AB - Android and other mobile operating systems ask users for authorization before allowing apps to access sensitive resources such as contacts and location. We hypothesize that such authorization systems could be improved by becoming more integrated with the app's user interface. In this paper, we conduct two studies to test our hypothesis. First, we use App-Tracer, a dynamic analysis tool we developed, to measure to what extent user interactions and sensitive resource use are related in existing apps. Second, we conduct an online survey to examine how different interactions with the UI affect users' expectations about whether an app accesses sensitive resources. Our results suggest that user interactions such as button clicks can be interpreted as authorization, reducing the need for separate requests; but that accesses not directly tied to user interactions should be separately authorized, possibly when apps are first launched.
KW - Android
KW - Apps
KW - Contextual security
KW - Permissions
UR - http://www.scopus.com/inward/record.url?scp=85025134095&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85025134095&partnerID=8YFLogxK
U2 - 10.1145/3025453.3025706
DO - 10.1145/3025453.3025706
M3 - Conference contribution
AN - SCOPUS:85025134095
T3 - Conference on Human Factors in Computing Systems - Proceedings
SP - 362
EP - 373
BT - CHI 2017 - Proceedings of the 2017 ACM SIGCHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
T2 - 2017 ACM SIGCHI Conference on Human Factors in Computing Systems, CHI 2017
Y2 - 6 May 2017 through 11 May 2017
ER -