Android Permissions Remystified: A Field Study on Contextual Integrity
Title | Android Permissions Remystified: A Field Study on Contextual Integrity |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Wijesekera, P., Baokar A., Hosseini A., Egelman S., Wagner D., & Beznosov K. |
Published in | Proceedings of the 24th USENIX Security Symposium |
Publisher | USENIX Assoc. |
Place Published | Berkeley, CA, USA |
Abstract | We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a 36-person field study to explore the notion of “contextual integrity,” i.e., how often applications access protected resources when users are not expecting it. Based on our collection of 27M data points and exit interviews with participants, we examine the situations in which users would like the ability to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request, and overall, they stated a desire to block over a third of all requests. Our findings pave the way for future systems to automatically determine the situations in which users would want to be confronted with security decisions. |
URL | https://blues.cs.berkeley.edu/wp-content/uploads/2015/08/sec15.pdf |
ICSI Research Group | Usable Security and Privacy |