Session 18: Android ASIACCS’18, June 4–8, 2018, Incheon, Republic of Korea Droid M+: Developer Support for Imbibing Android's New Permission Model Ioannis Gasparis Azeem Aqil Zhiyun Qian University of California, Riverside University of California, Riverside University of California, Riverside
[email protected] [email protected] [email protected] Chengyu Song Srikanth V. Krishnamurthy Rajiv Gupta University of California, Riverside University of California, Riverside University of California, Riverside
[email protected] [email protected] [email protected] Edward Colbert U.S. Army Research Lab
[email protected] ABSTRACT 1 INTRODUCTION In Android 6.0, Google revamped its long criticized permission Application sandboxing and the permission system are key compo- model to prompt the user during runtime, and allow her to dynam- nents of modern mobile operating systems for protecting the users’ ically revoke granted permissions. Towards steering developers to personal data and privacy. Prior to Android 6.0, Android used the this new model and improve user experience, Google also provides ask-on-install permission model: (1) developers declare a set of guidelines on (a) how permission requests should be formulated (b) required permissions in the app’s manifest file, (2) at installation how to educate users on why a permission is needed and (c) how time, Android asks users to review the requested permissions and, to provide feedback when a permission is denied. In this paper we then (3) users either grant all the requested permissions or refuse the perform, to the best of our knowledge, the first measurement study installation.