A Conundrum of Permissions: Installing Applications on an Android Smartphone

  • Patrick Gage Kelley
  • Sunny Consolvo
  • Lorrie Faith Cranor
  • Jaeyeon Jung
  • Norman Sadeh
  • David Wetherall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7398)

Abstract

Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.

Keywords

privacy security android applications smartphone permissions information design 

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Patrick Gage Kelley (1)
  • Sunny Consolvo (3)
  • Lorrie Faith Cranor (1)
  • Jaeyeon Jung (2)
  • Norman Sadeh (1)
  • David Wetherall (3)

  1. Carnegie Mellon, USA
  2. Microsoft Research, USA
  3. University of Washington, USA
