Android Permissions Remystified: A Field Study on Contextual Integrity

TitleAndroid Permissions Remystified: A Field Study on Contextual Integrity
Publication TypeConference Paper
Year of Publication2015
AuthorsWijesekera, P., Baokar A., Hosseini A., Egelman S., Wagner D., & Beznosov K.
Published inProceedings of the 24th USENIX Security Symposium
PublisherUSENIX Assoc.
Place PublishedBerkeley, CA, USA
Abstract

We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a 36-person field study to explore the notion of “contextual integrity,” i.e., how often applications access protected resources when users are not expecting it. Based on our collection of 27M data points and exit interviews with participants, we examine the situations in which users would like the ability to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request, and overall, they stated a desire to block over a third of all requests. Our findings pave the way for future systems to automatically determine the situations in which users would want to be confronted with security decisions.

URLhttps://blues.cs.berkeley.edu/wp-content/uploads/2015/08/sec15.pdf
ICSI Research Group

Usable Security and Privacy