On Understanding Permission Usage Contextuality of Android Apps

Hossen, Md Zakir (2018) On Understanding Permission Usage Contextuality of Android Apps. Masters thesis, Concordia University.

Text (application/pdf)
thesis_submission_version.pdf - Accepted Version
Available under License Spectrum Terms of Access.
1MB

Abstract

In the runtime permission model, the context in which a permission is requested/used the first time may change later without the user's knowledge. Prior research identifies user dissatisfaction with varying contexts of permission use in the install-time permission model. However, the contextual use of permissions by the apps that are developed/adapted for the runtime permission model has not been studied. Our goal is to understand how permissions are requested and used in different contexts in the runtime permission model, and compare them to identify potential abuse. We present ContextDroid, a static analysis tool to identify the contexts of permission request and use. Using this tool, we analyze 38,838 apps (from a set of 62,340 apps) from the Google Play Store. We devise a mechanism following the best practices and permission policy enforcement by Google to flag apps for using permissions in potentially unexpected contexts. We flag 30.20% of the 38,838 apps for using permissions in multiple and dissimilar contexts. Comparison with VirusTotal shows that non-contextual use of permissions can be linked to unwanted/malicious behaviour: 34.72% of the 11,728 flagged apps are also detected by VirusTotal (i.e., 64.70% of the 6,295 VirusTotal detected apps in our dataset). We find that most apps don't show any rationale if the user previously denied a permission. Furthermore, 13% of apps (from the 22,567 apps with identified request contexts) show behaviour similar to the install-time permission model by requesting all dangerous permissions when the app is first launched. We hope this thesis will bring attention to non-contextual permission usage in the runtime model, and may spur research into finer-grained permission control.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Hossen, Md Zakir
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: December 2018
Thesis Supervisor(s): Mannan, Mohammad
ID Code: 984794
Deposited By: Md Zakir Hossen
Deposited On: 08 Jul 2019 12:46
Last Modified: 08 Jul 2019 12:46
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
