Small Changes, Big Changes: An Updated View on the Android Permission System

  • Yury ZhauniarovichEmail author
  • Olga GadyatskayaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9854)


Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. in [31] was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can confirm that the modifications, especially introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certificate, can be granted to third-party apps even if they are signed with a non-platform certificate; many permissions considered before as threatening are now granted by default. In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible.


Android security Permission system Runtime permissions Compatibility challenges 


  1. 1.
    Android Open Source Project. Accessed 31 Mar 2016
  2. 2.
    Commit 2af5708: Add per UID control to app ops.
  3. 3.
    Commit 2ca2c87: More adjustments to permissions.
  4. 4.
    Commit 33f5ddd: Add permissions associated with app ops.
  5. 5.
    Commit 3e7d977: Grant installer and verifier install permissions robustly.
  6. 6.
    Commit 4516798: Moving launcher permission to framework.
  7. 7.
    Commit 6d2c0e5: Remove not needed contacts related permissions.
  8. 8.
    Commit a90c8de: Add new “preinstalled” permission flag.
  9. 9.
    Commit ccbf84f: Some system apps are more system than others.
  10. 10.
    Commit cfbfafe: Additional permissions aren’t properly disabled after toggling them off.
  11. 11.
    Commit de15eda: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW to an explicit toggle to enable in Settings.
  12. 12.
    Commit e639da7: New development permissions.
  13. 13.
    Dashboards. Accessed 31 Mar 2016
  14. 14.
    Google says Android has 1.4 billion active users. Accessed 31 Mar 2016
  15. 15.
  16. 16.
  17. 17.
    Not just for phones and tablets: what other devices run Android? Accessed 31 Mar 2016
  18. 18.
    Play store permissions change opens door to rogue apps. Accessed 31 Mar 2016
  19. 19.
  20. 20.
    Smartphone OS market share, 2015 Q2. Accessed 31 Mar 2016
  21. 21.
    Arp, D., Speizenbarth, M., Hubner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of Android malware in your pocket. In: Proceedings of NDSS (2014)Google Scholar
  22. 22.
    Au, K., Zhou, Y.F., Huang, Z., Gill, P., Lie, D.: Short paper: a look at smartphone permission models. In: Proceedings of SPSM (2011)Google Scholar
  23. 23.
    Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of CCS (2012)Google Scholar
  24. 24.
    Backes, M., Bugiel, S., Derr, E., Weisgerber, S., McDaniel, P., Octeau, D.: On demystifying the Android application framework: re-visiting Android permission specification analysis. In: Poster Session of IEEE EuroS&P (2016)Google Scholar
  25. 25.
    Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of CCS (2010)Google Scholar
  26. 26.
    Bartel, A., Klein, J., Le Traon, Y., Monperrus, M.: Automatically securing permission-based software by reducing the attack surface: an application to Android. In: Proceedings of ASE (2012)Google Scholar
  27. 27.
    Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Reza-Sadeghi, A., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: Proceedings of NDSS (2012)Google Scholar
  28. 28.
    Chen, K.Z., Johnson, N., D’Silva, V., Dai, S., MacNamara, K., Magrino, T., Wu, E., Rinard, M., Song, D.: Contextual policy enforcement in Android applications with permission event graphs. In: Proceedings of NDSS (2013)Google Scholar
  29. 29.
    Conti, M., Crispo, B., Fernandes, E., Zhauniarovich, Y.: CRêPE: a system for enforcing fine-grained context-related policies on Android. IEEE Trans. Inf. Forensics Secur. 7(5), 1426–1438 (2012)CrossRefGoogle Scholar
  30. 30.
    Elenkov, N.: Android Security Internals: An In-Depth Guide to Android’s Security Architecture, 1st edn. No Starch Press, San Francisco (2014)Google Scholar
  31. 31.
    Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Secur. Priv. Mag. 7(1), 50–57 (2009)CrossRefGoogle Scholar
  32. 32.
    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS (2009)Google Scholar
  33. 33.
    Fang, Z., Han, W., Li, D., Guo, Z., Guo, D., Wang, X.S., Qian, Z., Chen, H.: revDroid: code analysis of the side effects after dynamic permission revocation of Android apps. In: Proceedings of ASIACCS (2016)Google Scholar
  34. 34.
    Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43, 205–218 (2014)CrossRefGoogle Scholar
  35. 35.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of CCS (2011)Google Scholar
  36. 36.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of SOUPS (2012)Google Scholar
  37. 37.
    Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Proceedings of ESORICS (2013)Google Scholar
  38. 38.
    Fratantonio, Y., Bianchi, A., Robertson, W., Egele, M., Kruegel, C., Kirda, E., Vigna, G.: On the security and engineering implications of finer-grained access controls for Android developers and users. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 282–303. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  39. 39.
    Gadyatskaya, O., Massacci, F., Zhauniarovich, Y.: Security in the firefox OS and Tizen mobile platforms. IEEE Comput. 47(6), 57–63 (2014)CrossRefGoogle Scholar
  40. 40.
    Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  41. 41.
    Jeon, J., Micinski, K.K., Vaughan, J.A., Fogel, A., Reddy, N., Foster, J.S., Millstein, T.: Dr. Android and Mr. Hide: fine-grained permissions in Android applications. In: Proceedings of SPSM (2012)Google Scholar
  42. 42.
    Murphy, M.: Libraries and dangerous permissions. Accessed 25 June 2016
  43. 43.
    Murphy, M.: Runtime permissions, files, and ACTION_SEND. Accessed 25 June 2016
  44. 44.
    Murphy, M.: You cannot hold non-existent permissions. Accessed 25 June 2016
  45. 45.
    Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of ASIACCS (2010)Google Scholar
  46. 46.
    Pandita, R., Xiao, X., Wang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: Proceedings of USENIX Security (2013)Google Scholar
  47. 47.
    Singh, K.: Practical context-aware permission control for hybrid mobile applications. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 307–327. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  48. 48.
    Vidas, T., Christin, N., Cranor, L.F.: Curbing Android permission creep. In: Proceedings of W2SP (2011)Google Scholar
  49. 49.
    Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Permission evolution in the Android ecosystem. In: Proceedings of ACSAC (2012)Google Scholar
  50. 50.
    Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: Proceedings of USENIX Security (2015)Google Scholar
  51. 51.
    Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X.: Upgrading your Android, elevating my malware: privilege escalation through mobile OS updating. In: Proceedings of S&P (2014)Google Scholar
  52. 52.
    Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in Android apps with permission use analysis. In: Proceedings of CCS (2013)Google Scholar
  53. 53.
    Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., Crispo, B., Massacci, F.: StaDynA: addressing the problem of dynamic code updates in the security analysis of Android applications. In: Proceedings of CODASPY (2015)Google Scholar
  54. 54.
    Zhauniarovich, Y., Russello, G., Conti, M., Crispo, B., Fernandes, E.: MOSES: supporting and enforcing security profiles on smartphones. IEEE Trans. Dependable Secure Comput. 11(3), 211–223 (2014)CrossRefGoogle Scholar
  55. 55.
    Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: Proceedings of S&P (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Qatar Computing Research InstituteHBKUDohaQatar
  2. 2.SnTUniversity of LuxembourgLuxembourg CityLuxembourg

Personalised recommendations