Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps

Kris Heid; Elena  Julia Sonntag; Jens Heider

doi:10.5220/0013126500003899

Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps

Kris Heid, Elena Julia Sonntag, Jens Heider

2025

Abstract

Permissions have been employed to let the user decide on components an app can interact with. However, apps typically consist of the main app along with several libraries to support the developer with various functionality and tasks. The fact that libraries inherit the permissions of the main app gives these libraries often more rights than needed for their core functionality. Many libraries do permission piggybacking and thus probe available permissions without requesting permissions themselves and adapt their behavior accordingly. Especially, advertisement and tracking libraries show high interest to collect as much user data as possible through this technique. Many works have previously addressed this problem but no solution has made its way into Android. This work delivers a novel analysis technique agnostic to the Android API level without manual mapping effort like previous works. Our results show, that permission piggybacking remains a problem to be urgently addressed.

Download

Paper Citation

in Harvard Style

Heid K., Sonntag E. and Heider J. (2025). Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 39-46. DOI: 10.5220/0013126500003899

in Bibtex Style

@conference{icissp25,
author={Kris Heid and Elena Sonntag and Jens Heider},
title={Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={39-46},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013126500003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps
SN - 978-989-758-735-1
AU - Heid K.
AU - Sonntag E.
AU - Heider J.
PY - 2025
SP - 39
EP - 46
DO - 10.5220/0013126500003899
PB - SciTePress