Realization of a user-centric, privacy preserving permission framework for Android
Article first published online: 21 MAR 2014
Copyright © 2014 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 8, Issue 3, pages 368–382, February 2015
How to Cite
2015), Realization of a user-centric, privacy preserving permission framework for Android, Security Comm. Networks, 8, pages 368–382, doi: 10.1002/sec.986, , and (
- Issue published online: 12 JAN 2015
- Article first published online: 21 MAR 2014
- Manuscript Accepted: 28 JAN 2014
- Manuscript Revised: 13 JAN 2014
- Manuscript Received: 13 MAR 2013
- mobile platforms;
Android has been steadily gaining market share, and the number of available applications is increasing at a healthy pace. Because of the myriad of third-party applications, privacy concerns are starting to surface in the community. Application developers usually request access to more system resources than are strictly required for their apps. However, the stock Android permission model does not allow users to selectively grant permissions. This is a well-known issue, but existing solutions to this problem are either too abstract or require detailed changes to the core model—making it difficult for both developers and users to accept them. In this paper, we present a fine-grained, user-centric permission model for Android that allows users to selectively grant permissions to applications that they install. Our model allows specification of permissions based on application and system attributes as well as simple yes or no policies. The model is kept as simple as possible, and its open source implementation is highly usable for the average end user. It requires minimal backward compatible changes to the core permission model and is shown to be highly efficient in terms of performance overhead. We present our model and point interested readers to our freely available changeset to help them use, evaluate, and improve our permission model. Copyright © 2014 John Wiley & Sons, Ltd.