Skip to main content

A Conundrum of Permissions: Installing Applications on an Android Smartphone

  • Conference paper
Financial Cryptography and Data Security (FC 2012)

Abstract

Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Au, K.W.Y., Zhou, Y.F., Huang, Z., Gill, P., Lie, D.: Short paper: a look at smartphone permission models. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011 (2011)

    Google Scholar 

  2. Barra, H.: Android: momentum, mobile and more at Google I/O. The Official Google Blog (2011), http://googleblog.blogspot.com/2011/05/android-momentum-mobile-and-more-at.html

  3. Barrera, B., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010 (2010)

    Google Scholar 

  4. Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010 (2010)

    Google Scholar 

  5. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android Permissions Demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011 (2011)

    Google Scholar 

  6. Gartner: Gartner Says Sales of Mobile Devices Grew 5.6 Percent in Third Quarter of 2011; Smartphone Sales Increased 42 Percent (2011), http://www.gartner.com/it/page.jsp?id=1848514

  7. Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011 (2011)

    Google Scholar 

  8. Juniper Networks. Mobile Malware Development Continues To Rise, Android Leads The Way (2011), http://globalthreatcenter.com/?p=2492

  9. Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.: A ”nutrition label” for privacy. In: The 5th Symposium on Usable Privacy and Security, SOUPS 2009 (2009)

    Google Scholar 

  10. Kleimann Communication Group, Inc. Evolution of a Prototype Financial Privacy Notice (2006), http://www.ftc.gov/privacy/privacyinitiatives/ftcfinalreport060228.pdf

  11. McAfee Labs. McAfee Threats Report: Third Quarter 2011 (2011), http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2011.pdf

  12. Namestnikov, Y.: IT Threat Evolution: Q3 2011 (2011), http://www.securelist.com/en/analysis/204792201/IT_Threat_Evolution_Q3_2011

  13. Rosenberg, J.: The meaning of open. The Official Google Blog (2011), http://googleblog.blogspot.com/2009/12/meaning-of-open.html

  14. Smetters, D.K., Good, N.: How users use access control. In: Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009 (2009)

    Google Scholar 

  15. Vidas, T., Christin, N., Cranor, L.F.: Curbing Android Permission Creep. In: W2SP 2011 (2011)

    Google Scholar 

  16. Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., Schechter, S., Wang, X.: Privacy Revelations for Web and Mobile Apps. In: HotOS 2011 (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D. (2012). A Conundrum of Permissions: Installing Applications on an Android Smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34638-5_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34637-8

  • Online ISBN: 978-3-642-34638-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics