Table 1: Number of different UI events (UIE), identified
context (CTX) and resource access (contextualized/total).
Package (version) UIE CTX Cam Loc Mic Sto
Amazon ( 59 20 3/3 20/59
Ebay ( 15 8 3/5 6/13 3/3
Facebook-katana (353. 36 27 2/2 19/25 15/17
Google Earth ( 39 21 5/6 3/4
Instagram ( 14 11 11/13 2/2
Shazam (12.6.0) 98 29 6/6 1/1
Spotify (2.0.45) 61 21 4/4
Sticker Maker (0.0.2-82) 14 5 1/10 4/4
Translate ( 44 22 9/22 4/4 12/20
VideoLan (3.4.3) 27 12 2/2
be explicitly authorized by the user. However, once
a permission is granted the mobile application is al-
lowed to access the related resource until the grant is
explicitly removed or the app is uninstalled. Thus,
there is the possibility that an app uses resources like
the camera or the GPS within several different fea-
tures, making difficult for the user to discriminate
among the feature that are allowed to access the per-
mission and those that should be blocked.
To assess the effectiveness of the tool to automat-
ically discriminate between different kind of accesses
to the same sensitive resource, we conducted a pre-
liminary study on 10 popular app. The apps have
bee automatically run by using the Monkey, a pro-
gram that generates pseudo-random streams of user
events such as clicks, touches, or gestures, as well as a
number of system-level events (Google, 2022b). The
results confirm that, in many cases, when the app ac-
cesses to a sensitive resource, this is done in more then
one context. Even if the most recent versions of An-
droid improved the awareness enforcing the privacy
protection mechanism by means of special led indi-
cators, nothing prevents the app from exploiting the
acquired permission.
As future work, we plan to conduct a large scale
analysis of the apps published in the Play Store
investigate how much widespread the problem is.
RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications