Authors: Simone Aonzo; Giovanni Lagorio and Alessio Merlo
Affiliation: University of Genoa, Italy
Keyword(s): Android Security, Mobile Security, Privacy and Data Protection.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Personal Data Protection for Information Systems; Security and Privacy in Mobile Systems
Abstract:
Android apps are generally over-privileged, i.e., they request more permissions than they actually need to
execute properly. Prior to version 6, users can install an app only by accepting all its requested permissions,
while newer Android versions allow users to dynamically grant/deny groups of permissions. Since some of
them impact on users’ privacy, we argue that users should be granted control at the granularity of the single
permission. We propose a novel approach, which does not require any change to the underlying OS, allowing
users to selectively remove permissions from apps before installing them, and with a finer granularity. We
developed RmPerm, an open-source tool that implements our methodology, and we present the viability of
our approach via an empirical assessment on 81K apps, underlining that, in the worst case, up to 86% of the
apps can execute without crashing when none of the requested privacy-related permissions are granted.