How Much Privilege Does an App Need? Investigating Resource Usage of Android Apps (Short Paper)
Author: | Lothar Fritsch, Nurul Momen, Tobias Pulls, Stefan Lindskog |
---|---|
Year of publication: | 2017 |
Subject: | Computer science; business.industry; Principle of least privilege; Internet privacy; Short paper; 020207 software engineering; Access control; 02 engineering and technology; Explicit consent; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Android (operating system); Unavailability; business; Mobile device; Personally identifiable information |
Source: | PST |
DOI: | 10.1109/pst.2017.00039 |
Description: | Arguably, one of the default solutions to many of today's everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy-sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first-time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the user's initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision-making and finer access control mechanisms. |
Database: | OpenAIRE |
External link: |