1 / 15

Android Permissions User Guide

Android Permissions User Guide. Byron Alleman Will Galloway Jesse McCall. Permission Based Security Model. Users can only use features for which their permissions grant them access Abstracts the hierarchy system More freedom than the hierarchy system

lovie
Download Presentation

Android Permissions User Guide

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Android Permissions User Guide Byron Alleman Will Galloway Jesse McCall

  2. Permission Based Security Model • Users can only use features for which their permissions grant them access • Abstracts the hierarchy system • More freedom than the hierarchy system • More secure in theory because nothing is trusted unless they have permissions • Pretty much pioneered by Android

  3. Android Permissions Overview • Android treats all applications as untrustworthy users • Each app runs in its own virtual machine • If an application has special needs it must request permission • Attempting to access a system feature that the application doesn’t have permission for either results in the feature not starting or a security error

  4. Android Permissions Continued… • Requested permissions are displayed in the Play store • Android assigns the application a unique linux user ID • Permissions requested by an application are declared in the application’s AndroidManifest.xml file

  5. Pros Cons • Applications should only have access to features they require to function as intended • Ideally applications wont be able to negatively impact other applications or the user • Applications can request more permissions than they require • Leaves system open to possible malicious attack

  6. Types of Permissions • Normal • Low-risk permissions • Automatically granted • Example: Flashlight, Read SD card contents • Dangerous • Higher-risk permissions that the user must confirm before installing the application • Can negatively impact the user • Example: Internet Access, Send SMS

  7. Types of Permissions continued • Signature • Permissions that the system only grants if the requesting application is signed with the same certificate as the application that declared the permission. • Automatically granted • Signature/System • Permissions that the system only grants to apps that are in the Android system image or signed with the same certificate • Automatically granted

  8. Application Defined Permissions • Applications can enforce their own defined permissions. • Ensures self-protection and preservation of the application. • Applications can specify exactly what outside applications can access of its resources.

  9. The Problem • Many users don’t understand the permissions system • Many users ignore the permissions • Permission descriptions aren’t always clear • Permission location can easily be overlooked in the Play store

  10. Survey Results • 51.9% of surveyed always read permissions before downloading an app • 44.3% of surveyed feel that all permissions are easy to comprehend • 78.2% of surveyed have decided not to install an app based on its permissions

  11. How to Fix • Educate users about permissions and their impact • Locate potentially hazardous applications on the device • Better layout for permissions on the Play Store • Advise users to be cautious when downloading from the third party app stores (like Amazon Market)

  12. Other Applications • Pocket Permissions • App Profiles • DroidRanger • Stowaway

  13. Our App • Lists all permissions used by apps, grouped by apps • Lists all apps that use each permission • List apps that have a high risk based on permissions • User guide to permissions • Explains permissions • Show the risk of each permission • Tips for Android safety

  14. DEMO

  15. QUESTIONS?

More Related