Abdallah Khreishah, Yan Zhang, Mingyuan Yan (Eds.)
Wireless Algorithms, Systems, and Applications
LNCS 10251
12th International Conference, WASA 2017
Guilin, China, June 19–21, 2017
Proceedings
3P Framework: Customizable Permission
Architecture for Mobile Applications
1 Introduction
Smart phones have dramatically changed the mobile world within a very short
period. The number of smart phone users worldwide exceeded 2.1 billion in 2016,
and smart phone penetration in China will cross 60% by 2020 [1,2]. Tremendous
growth in the number of mobile apps and app distribution platforms has also
been observed. Applications are used for various daily-life purposes, including
communication, mobile payments, entertainment, and navigation. In essence, a
smart phone contains a summary of a person's complete daily life. The online
stores offering Android application apks are countless. Although this has
increased application development and ease of access, it has also created
numerous new challenges, among which user security and safety is a dominating
one.
This work is partially supported by the National Natural Science Foundation of
China under Grant Nos. 61370192, 61432015, and 61602038.
© Springer International Publishing AG 2017
L. Ma et al. (Eds.): WASA 2017, LNCS 10251, pp. 445–456, 2017.
DOI: 10.1007/978-3-319-60033-8_39
446 S. Biswas et al.
Android's existing security is built upon a permission-based mechanism, which
restricts the ability of third-party Android applications to access critical
resources on a device (e.g., Wi-Fi, camera), change phone settings, and read or
write data (e.g., text messages, contacts). App developers can use these
permissions according to the requirements and services of their applications.
Unfortunately, malicious and unscrupulous apps may also take advantage of these
mechanisms for illegal purposes [3–6]. Moreover, some developers lack privacy
awareness [7], due to which they over-claim the permissions necessary to run
the application. In the existing Android security system, users see the
permissions required by an application as a warning during installation or at
runtime. In the majority of cases, the user struggles to understand at
installation what a permission will actually do. In this paper, we propose a
comprehensive smartphone permission policy framework, which sits between the
kernel and the application apks and intercepts the permission process. This
creates a comprehensive solution to control which permissions are granted for
device resources and user data. To better understand the awareness level of
users regarding the permission process of applications, we have also conducted
a survey. Based on its recommendations, this framework assists users in fully
controlling which permissions are to be granted.
The rest of the paper is organized as follows: Sect. 2 discusses related work
on studies of user awareness of security and privacy threats. In Sect. 3 we
present the results of a survey conducted to determine the correlation between
users' educational background and app permission awareness. Section 4 describes
the Privacy Permission Policy Framework in detail, followed by implementation
and analysis in Sect. 5. The conclusion is drawn in Sect. 6.
2 Related Works
Chin et al. [8] conducted a user study involving 60 smart phone users to gain
an understanding of user perceptions of smart phone security and installation
habits. Their survey found that (a) users are more concerned about privacy on
their smart phones than on their laptops, (b) users are more apprehensive about
performing privacy-sensitive and financial tasks on their smart phones than on
their laptops, and (c) users worry about physical theft and data loss,
malicious applications, and wireless network attackers. They conclude that
users need to be more vigilant about security, and should use applications that
protect from intrusions, security breaches, and malware. They also suggest that
users need to be educated more about the safety and security of devices and
data.
Felt et al. [9] ran a survey of 3115 users and suggested a ranking of the risks
of 54 smart phone application permissions. Lin et al. [10] framed mobile
privacy in the form of people's expectations and drew implications for
employing crowdsourcing as a privacy evaluation technique. Balebako et al. [7]
surveyed 228 app developers to quantify privacy and security behaviors, and
suggested tools and opportunities to reduce the barriers for app developers to
implement privacy and security best practices. In addition, a number of papers
address the perception of users with regard to user confidence in security, the
complexity of permissions, and permission management [11–15]. Moreover, a large
collection of mobile applications [16–20] is available to change privacy
settings, permissions, and other aspects. The majority of these tools are
designed to change settings after the application has been installed, which is
an after-the-fact situation.
Improvement and awareness of the security situation is a continuous process. As
technologies improve and evolve, and become available for mass public usage, it
becomes important to educate users and make them aware of the risks and
concerns of safety and privacy.
permission and its effect on security (c) knowledge about the effect of malicious
apps on personal data, or (d) utilization of apps.
During the follow-up interviews with selected participants, a similar
observation was made. Users are often surprised about the permissions
requested, the data collected by apps, and the recipients of such data. We also
observed that users do not understand privacy notices. In essence, most users
have little or no idea about permissions or privacy and security practices, and
don't read application documentation to fully understand the risk. Hence it
becomes impossible to consciously arrive at a permission decision. Most users
accept all permission requests because of their desire to use the application
for its advertised purpose.
        Engr     1        2        3        4        5        6        7        8
Engr    1
1       0.008    1
2       0.093    .345**   1
3       0.105    0.119    0.018    1
4       0.029    .254**   .262**   0.106    1
5       .287**   .176*    0.137    0.035    0.129    1
6       .218*    .198*    .213*    0.046    .189*    0.101    1
7       0.169    0.035    .312**   0.046    .213*    .205*    0.168    1
8       0.146    0.167    0.089    0.065    .307**   .320**   .224*    .243**   1
** Correlation is significant at the 0.01 level (2-tailed).
* Correlation is significant at the 0.05 level (2-tailed).
phone users. This Privacy Permission Policy (3P) framework makes smart
decisions about warning users of all permissions requested and assists in
choosing the minimum required permissions based on user needs. As shown in
Fig. 2, the framework is essentially a middleware, which takes into account the
preferences and behavior of the user and the detailed permissions requested in
the application apk, and ensures that only those permissions are granted which
will not go beyond the intended use of the application. The framework enables
the user to pick and choose which permissions to grant and which not, which is
contrary to the majority of installation processes. Current installers only
show users a subset of the requested permissions, and denying them usually
results in rejection of the application installation. Hence the user has no
choice but to either accept all, or not use the application.
Fig. 2. 3P framework
Our framework has three major modules, which work with each other and interact
with the user to customize the permission process. These are explained in the
following subsections.
APK Parser: This module is responsible for parsing the .apk file to extract
the permissions from the AndroidManifest.xml file. This customized parser looks
for all the different types of permissions requested and then feeds them to the
classifier module for further analysis. If the parser is unable to locate the
manifest file, or the format is not understandable, the application is
immediately rejected and marked as a security threat.
Permission Classifier: This module plays a major role in the whole installation
process, as it is responsible for identifying and classifying the permissions
into different categories. The permissions can primarily be classified into
three categories. The Android SDK provides a list of permissions which are
available to application developers for gaining access to the different
resources and information available on the smart device. In addition,
application developers state on application distribution stores which
permissions the application will request or require. In light of this, the
permission classifier categorizes the permissions found in the manifest file
as: (a) requested and listed in the app description, (b) requested but not
listed in the app description, and (c) requested but not listed and not part of
the standard list of permissions available with the SDK (details in Sect. 5).
The permission classifier maintains a Legal Permission Database, which is
populated from the regularly updated permission lists for the Android SDK
available online [21]. It also keeps a historical listing of the permissions
and the changes to it.
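The parser and classifier steps described above, as an added Python example (not code from the paper). It assumes the manifest has already been decoded from the APK's binary XML into text; the permission excerpt, the sample manifest and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed excerpt standing in for the Legal Permission Database (SDK list).
LEGAL_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
}

class ManifestRejected(Exception):
    """Manifest missing or not understandable: the app is rejected."""

def extract_permissions(manifest_xml):
    """Return the permission names requested in a decoded AndroidManifest.xml."""
    if not manifest_xml:
        raise ManifestRejected("manifest not found")
    # A manifest never needs a DTD; refusing one avoids entity-expansion abuse.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ManifestRejected("DTD/entity declarations are not allowed")
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ManifestRejected(f"manifest not understandable: {exc}") from exc
    if root.tag != "manifest":
        raise ManifestRejected("root element is not <manifest>")
    requested = set()
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    return requested

def classify(requested, listed_in_description, legal=LEGAL_PERMISSIONS):
    """Split requested permissions into the paper's categories (a), (b), (c)."""
    result = {"a": set(), "b": set(), "c": set()}
    for perm in requested:
        if perm in listed_in_description:
            result["a"].add(perm)  # requested and listed in the description
        elif perm in legal:
            result["b"].add(perm)  # requested, not listed, known to the SDK
        else:
            result["c"].add(perm)  # requested, not listed, not in the SDK list
    return result

# Constructed sample: a decoded manifest and the store description's list.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="com.example.vendor.SILENT_INSTALL"/>
</manifest>"""
SAMPLE_DESCRIPTION = {"android.permission.CAMERA"}
```

Calling `classify(extract_permissions(SAMPLE_MANIFEST), SAMPLE_DESCRIPTION)` places the camera permission in (a), read-contacts in (b) and the vendor-specific permission in (c).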
User Behavior and Policy Manager: This is another core module of the
customized installer, as it has a multifaceted job. It is responsible for
interacting with the user, categorizing apps, and maintaining and enforcing the
permission policy for installation of the app. Fundamentally, this module
classifies the application into one of several categories and then limits the
permissions required for that specific category. Categorizing the large number
of applications available online is a tricky task, but the Google Play store
fundamentally divides all apps into Games and Applications. Games are further
divided into 17 subcategories, and Applications into 30 subcategories, as of
the writing of this paper. This division is mainly intended for searching, but
we make use of it in order to limit the permission requirement¹.
This module interacts with the user to check which subcategory the application
falls in, and shows them the minimum required permissions for that category.
For example, applications in the Photography category do not need access to the
account manager or the read contacts permission. Hence the minimum default
permissions are set based on the app's services, purpose, and the users'
requirements. In addition, users have the option to custom-select the
permissions as they see fit.
The information is stored in the policy database, which is updated to learn the
behavior of the user. For instance, if the user specifically grants a
permission that is not the default for the category, it is highlighted the next
time the user installs a similar (or the same) application. The user interface
gives the user the options to select the minimum default recommended
permissions, accept what the application has requested, or customize completely
(for advanced users).
¹ A change in categories at the Google Play Store does not affect the
implementation of this research. Other application categorizations can be used
just as effectively as this one.
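An added sketch of the policy-manager behavior described above (not the authors' implementation). The category defaults, the class and its method names are assumptions; only the Photography example (no account manager, no read contacts) comes from the text.

```python
# Constructed category defaults (assumption): the paper only states that
# Photography apps need neither the account manager nor read-contacts access.
CATEGORY_DEFAULTS = {
    "Photography": {
        "android.permission.CAMERA",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
}

class PolicyManager:
    def __init__(self, defaults):
        self.defaults = defaults
        self.policy_db = {}  # category -> permissions granted beyond the default

    def options(self, category, requested):
        """Build the choices shown at install time for one app."""
        default = self.defaults.get(category, set())  # unknown category: empty
        beyond = requested - default
        return {
            "minimum": requested & default,   # recommended default set
            "as_requested": set(requested),   # accept everything asked for
            "beyond_default": beyond,         # needs an explicit user decision
            # Granted beyond the default for this category on an earlier install.
            "highlighted": beyond & self.policy_db.get(category, set()),
        }

    def record_install(self, category, requested, granted):
        """Store the user's decision; only requested permissions can be granted."""
        if not granted <= requested:
            raise ValueError("granted set contains a permission never requested")
        extra = granted - self.defaults.get(category, set())
        self.policy_db.setdefault(category, set()).update(extra)
        return granted

def demo():
    """Two installs in the same category; the second sees the learned override."""
    pm = PolicyManager(CATEGORY_DEFAULTS)
    app1 = {"android.permission.CAMERA", "android.permission.READ_CONTACTS"}
    first = pm.options("Photography", app1)
    # The user customizes and grants READ_CONTACTS on top of the default.
    pm.record_install("Photography", app1, app1)
    app2 = {"android.permission.CAMERA", "android.permission.READ_CONTACTS",
            "android.permission.GET_ACCOUNTS"}
    second = pm.options("Photography", app2)
    return first, second
```

An app in a category with no stored defaults gets an empty minimum set, so every permission it requests requires an explicit decision.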
Once the Permission Classifier has categorized all the requested permissions,
they are forwarded to the User Behavior and Policy Manager. To evaluate the
basic permission set against the working of the application, we allowed only
the basic minimum permissions listed in the Google API as well as declared in
the application description. For Facebook, only 11 listed permissions were
granted and the application was installed. The application installed
successfully and launched normally, which proves that it is not necessary for
the user to accept all the permissions in order to install the application.
Similarly, for WeChat 15 basic permissions were granted and the app was
installed. For QQi, 18 permissions were granted and the application was
installed. It is very important to note that after the successful launch of
WeChat, a prompt was given for other permissions, which were required to use
some of the features of the application. This is acceptable behavior, as it
clearly informs the user of the permission related to the service they are
about to use.
In addition, an important factor that masks the visibility of requested
permissions from users is the UI of the operating system, especially if it is
customized by the hardware vendor. In our implementation, we tested the
framework on three different hardware platforms, i.e., XiaoMi, LG, and Huawei.
For the Facebook installation, the total number of permissions requested as
shown by XiaoMi was 34, while LG showed 22 and Huawei 28. This is mainly
attributed to how the different flavors of Android customization group and
perceive the requested permissions. This points to potential future work on our
system. After installation of the application, if the app requests new
permissions, they need to be intercepted, and the user needs to be notified if
any bulk permissions are being granted.
6 Conclusion
References
1. Statista: Number of Smartphone Users Worldwide from 2014 to 2020.
   https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/
2. Statista: Share of Mobile Phone Users that Use a Smartphone in China
   from 2013 to 2019.
   https://www.statista.com/statistics/257045/smartphone-user-penetration-in-china/
3. Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile
   malware in the wild. In: ACM Workshop on Security and Privacy in Smartphones
   and Mobile Devices (SPSM), pp. 3–14 (2011)
4. Thurm, S., Kanel, Y.I.: Your apps are watching you. Wall Street J. (2010)
5. Zhang, L., Cai, Z., Wang, X.: FakeMask: a novel privacy preserving approach for
   smartphones. IEEE Trans. Netw. Serv. Manag. 13(2), 335–348 (2016)
6. He, Z., Cai, Z., Li, Y.: Customized privacy preserving for classification based
   applications. In: Proceedings of the ACM Workshop on Privacy-Aware Mobile
   Computing, pp. 37–42. ACM (2016)
7. Balebako, R., Marsh, A., Lin, J., Hong, J., Cranor, L.F.: The privacy and security
   behaviors of smartphone app developers. In: Workshop on Usable Security (USEC),
   February 2014
8. Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in
   smartphone security and privacy. In: Proceedings of the Symposium on Usable
   Privacy and Security (SOUPS). ACM, July 2012
9. Felt, A.P., Egelman, S., Wagner, D.: I've got 99 problems, but vibration ain't
   one: a survey of smartphone users' concerns. In: ACM Workshop on Security and
   Privacy in Smartphones and Mobile Devices (SPSM), pp. 33–44 (2012)
10. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation
    and purpose: understanding users' mental models of mobile app privacy through
    crowdsourcing. In: Proceedings of the ACM Conference on Ubiquitous Computing
    (UbiComp), pp. 501–510. ACM, September 2012
11. Benenson, Z., Kroll-Peters, O., Krupp, M.: Attitudes to IT security when using
    a smartphone. In: Federated Conference on Computer Science and Information
    Systems (FedCSIS), pp. 1179–1183, September 2012
12. Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security
    awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)
13. Fife, E., Orjuela, J.: The privacy calculus: mobile apps and user perceptions of
    privacy and security. Int. J. Eng. Bus. Manag. 5(1) (2012)
14. Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers
    watching you: raising awareness of data leaks on smartphones. In: Proceedings
    of the Symposium on Usable Privacy and Security (SOUPS). ACM (2013)
15. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A
    conundrum of permissions: installing applications on an Android smartphone. In:
    Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79.
    Springer, Heidelberg (2012). doi:10.1007/978-3-642-34638-5_6
16. Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: MockDroid: trading privacy for
    application functionality on smartphones. In: Proceedings of the Workshop on
    Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)
17. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren't the
    droids you're looking for: retrofitting Android to protect data from imperious
    applications. In: Proceedings of the ACM Conference on Computer and
    Communications Security, pp. 639–652. ACM (2011)
18. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing
    smartphone applications (on Android). In: McCune, J.M., Balacheff, B.,
    Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS,
    vol. 6740, pp. 93–107. Springer, Heidelberg (2011).
    doi:10.1007/978-3-642-21599-5_7
19. Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android
    permission specification. In: Proceedings of the ACM Conference on Computer
    and Communications Security, pp. 217–228. ACM (2012)
20. Mueller, K., Butler, K.: Flex-P: flexible Android permissions. In: IEEE Symposium
    on Security and Privacy, May 2011
21. Android SDK: Android Manifest Permission API 25.
    https://developer.android.com/reference/android/Manifest.permission.html