A Conundrum of Permissions: Installing Applications on an Android Smartphone

  • Conference paper
Financial Cryptography and Data Security (FC 2012)

Abstract

Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D. (2012). A Conundrum of Permissions: Installing Applications on an Android Smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_6

  • DOI: https://doi.org/10.1007/978-3-642-34638-5_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34637-8

  • Online ISBN: 978-3-642-34638-5

  • eBook Packages: Computer Science, Computer Science (R0)
