Droid M+: Developer Support for Imbibing Android's New Permission Model

@article{Gasparis2018DroidMD,
  title={Droid M+: Developer Support for Imbibing Android's New Permission Model},
  author={Ioannis Gasparis and Azeem Aqil and Zhiyun Qian and Chengyu Song and Srikanth V. Krishnamurthy and Rajiv Gupta and Edward J. M. Colbert},
  journal={Proceedings of the 2018 on Asia Conference on Computer and Communications Security},
  year={2018},
  url={https://api.semanticscholar.org/CorpusID:44152712}
}
Droid M+, a system that helps developers to easily retrofit their legacy code to support the new permission model and adhere to Google's guidelines is developed, believing that Droid M+ offers a significant step in preserving user privacy and improving user experience.
View on ACM
dl.acm.org
8 Citations
Background Citations
4

Figures and Tables from this paper

8 Citations

Figment: Fine-grained Permission Management for Mobile Apps

This paper develops a framework Figment, which consists of set of libraries that developers can easily use to build in fine-grained dynamic permission management capabilities, and shows that Figment offers significant benefits over the Android Marshmallow permission management system with lower runtime overheads.

APER: Evolution-Aware Runtime Permission Misuse Detection for Android Apps

A static analyzer, Aper, is designed that performs reaching definition and dominator analysis on Android apps to detect the two types of ARP bugs, and significantly outperforms existing tools on ARPFIX.

Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission Decisions

The results show that there is a clear interplay between timing and rationales on users’ permission decisions and the evaluation of their decisions, making the effect of rationales stronger when shown upfront and limiting the effects of timing when rationales are present.

Factors Affecting Users' Disclosure Decisions in Android Runtime Permissions Model

The results show that dangerous permission type as well as clarity of the context have a statistical significant effect on users' disclosure decisions, and such factors should be taken into account by Android apps developers when requesting access to users' private information.

PGFit: Static permission analysis of health and fitness apps in IoT programming frameworks

R

There is an increase in the value of student learning outcomes in problem solving abilities, so that the BAEI developed is classified as effective to use.

R

This paper has investigated the physical behavior of cosmological models in the framework of modified Teleparallel gravity using a Renyi holographic “dark energy model (RHDE) with a Hubble cutoff and considered a homogeneous and isotropic Friedman universe with perfect Friedman universe.

R

. We give a complete list of all quadratic modules and inclusions between them in the ring R [[ X ]] of formal power series in one variable X over a euclidean field R .

44 References

The effect of developer-specified explanations for permission requests on smartphone user behavior

It is shown that permission requests that include explanations are significantly more likely to be approved and that the adoption rate by developers is relatively small: around 19% of permission requests include developer-specified explanations.

revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps

An empirical study to understand the latest application practice post Android 6.0, and a practical tool, referred to as revDroid, to help to empirically analyze how often the undesirable side effects, especially application crash, can occur in off-the-shelf Android applications.

PScout: analyzing the Android permission specification

An analysis of the permission system of the Android smartphone OS is performed and it is found that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permissions specification as the Android OS evolves.

Permission evolution in the Android ecosystem

It is stated that the Android ecosystem is not becoming more secure from the user's point of view and the need to revisit the practices and policies of the ecosystem is suggested.

Permissions snapshots: Assessing users' adaptation to the Android runtime permission model

This paper presents the first study that analyzes Android users' adaptation to the fine-grained runtime permission model, regarding their security and privacy controls, and shows that individuals make consistent choices regarding the resources they allow to various applications to access.

AutoCog: Measuring the Description-to-permission Fidelity in Android Applications

A system AutoCog is presented to automatically assess description-to-permission fidelity of applications and outperforms other related work on both performance of detection and ability of generalization over various permissions by a large extent.

Permlyzer: Analyzing permission usage in Android applications

This evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

Android permissions demystified

Stowaway, a tool that detects overprivilege in compiled Android applications, is built and finds that about one-third of applications are overprivileged.

WHYPER: Towards Automating Risk Assessment of Mobile Applications

WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description, demonstrates great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.

A Conundrum of Permissions: Installing Applications on an Android Smartphone

It is found that the permissions displays are generally viewed and read, but not understood by Android users, and users are not currently well prepared to make informed privacy and security decisions around installing applications.