%0 Conference Proceedings
%T On Understanding Permission Usage Contextuality in Android Apps
%+ Concordia Institute for Information Systems Engineering (CIISE)
%A Hossen, Md, Zakir
%A Mannan, Mohammad
%Z Part 5: Security Analysis and Private Evaluation
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 32nd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
%C Bergamo, Italy
%Y Florian Kerschbaum
%Y Stefano Paraboschi
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXII
%V LNCS-10980
%P 232-242
%8 2018-07-16
%D 2018
%R 10.1007/978-3-319-95729-6_15
%K Android
%K Smartphone
%K Permission model
%K App analysis
%Z Computer Science [cs] Conference papers
%X In the runtime permission model, the context in which a permission is requested/used the first time may change later without the user’s knowledge. Our goal is to understand how permissions are requested and used in different contexts in the runtime permission model, and compare them to identify potential inconsistencies. We present ContextDroid, a static analysis tool to identify the contexts of permission request/use, and analyze 6,790 apps (chosen from an initial set of 10062 apps from the Google Play Store). Our preliminary results show that apps often use permissions in dissimilar contexts: 15% of the apps use the permissions in contexts where users are not prompted and may be unaware; 46% of the apps use the permissions in multiple contexts while only 20% of the apps request permissions in multiple contexts. We hope our study will attract more research into non-contextual usage (and possible abuse) of permissions in the runtime model, and may spur further work in the design of finer-grained permission control.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01954415/document
%2 https://inria.hal.science/hal-01954415/file/470961_1_En_15_Chapter.pdf
%L hal-01954415
%U https://inria.hal.science/hal-01954415
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-10980