Abstract

In the runtime permission model, the context in which a permission is requested/used the first time may change later without the user's knowledge. Prior research identifies user dissatisfaction on varying contexts of permission use in the install-time permission model. However, the contextual use of permissions by the apps that are developed/adapted for the runtime permission model has not been studied. Our goal is to understand how permissions are requested and used in different contexts in the runtime permission model, and compare them to identify potential abuse. We present ContextDroid, a static analysis tool to identify the contexts of permission request and use. Using this tool, we analyze 38,838 apps (from a set of 62,340 apps) from the Google Play Store. We devise a mechanism following the best practices and permission policy enforcement by Google to flag apps for using permissions in potentially unexpected contexts. We flag 30.20\% of the 38,838 apps for using permissions in multiple and dissimilar contexts. Comparison with VirusTotal shows that non-contextual use of permissions can be linked to unwanted/malicious behaviour: 34.72\% of the 11,728 flagged apps are also detected by VirusTotal (i.e., 64.70\% of the 6,295 VirusTotal detected apps in our dataset). We find that most apps don't show any rationale if the user previously denied a permission. Furthermore, 13\% (from the 22,567 apps with identified request contexts) apps show behaviour similar to the install-time permission model by requesting all dangerous permissions when the app is first launched. We hope this thesis will bring attention to non-contextual permission usage in the runtime model, and may spur research into finer-grained permission control.