
Permission Evolution in the Android Ecosystem

Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos. Department of Computer Science and Engineering, University of California, Riverside.


Presentation Transcript


  1. Permission Evolution in the Android Ecosystem Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos Department of Computer Science and Engineering University of California, Riverside

  2. Outline • The Android Platform Basics • Dataset Description • Platform Permission Evolution • Third-Party Apps • Pre-Installed Apps • Suggestions • Conclusion

  3. Android Platform • In this paper we studied all major API levels, from level 3 (April 2009) to level 15 (December 2011).

  4. Android Apps • Third-party apps are available for download from Google Play and other app stores. • Pre-installed apps come along with the devices from the vendors.

  5. Android Permissions • Protection Level • Normal • Dangerous • Signature • SignatureOrSystem • Functionality categories • Cost Money, Message, Personal Info, Location, Network, Accounts, Hardware Controls, Phone Calls, Storage, System Tools and Development Tools.

  6. Apps Permissions Dataset • Third-Party Apps (237 apps with 1,703 versions) • 1,420 apps with 4,857 versions • we selected only those apps that had at least one version each year between 2009 and 2012. • we obtained the stable dataset of 237 apps with 1,703 versions, with each app's evolution spanning at least three years.

  7. Apps Permissions Dataset (Cont.) • Pre-Installed App (346 apps with 1,714 versions) • We gathered the firmware of multiple phone vendors - HTC, Motorola, Samsung, and LG - from various online sources. • we unpacked the firmware and extracted the pre-installed apps inside. • we collected 69 firmware over the years which contained 346 pre-installed apps with 1,714 versions.

  8. Apps Permissions Dataset (Cont.) • Permission collection • use the tool aapt on each app version to extract the AndroidManifest.xml file. • parse the manifest files to get the full list of the permissions used by each app version.

  9. The List of Permissions is Growing

  10. The List of Permissions is Growing (Cont.) • we find that the Default, System_Tools and Development_Tools categories contribute to most of the increases.

  11. Dangerous Group is Largest and Growing • Most of them are from personal data-related categories, e.g., PERSONAL_INFO, STORAGE and ACCOUNTS.

  12. Why are Permissions Added or Deleted? • Because of new functionality • NFC, WiMAX, 4G… • Accommodate new smartphone features • READ_PROFILE and READ_SOCIAL_STREAM replace READ_OWNER_DATA. • Some permissions are made available to the public without manifest declaration. • BACKUP_DATA

  13. Why are Permissions Added or Deleted? (Cont.)

  14. No Tendency Toward Finer-grained Permissions

  15. Third-Party Apps Permission Additions Dominate

  16. What is the primary cause for the permission additions? • Android apps became more aggressive in asking for resources, by asking for new permissions.

  17. Apps Want More Dangerous Permissions • 66.11% of permission increases in apps required at least one more Dangerous permission.

  18. Macro Evolution Patterns • For all apps that have any permission change

  19. Micro Evolution Patterns • Location Permission • ACCESS_COARSE_LOCATION • ACCESS_FINE_LOCATION

  20. Permission Trajectories

  21. Apps Are Becoming Over-privileged • To detect over-privilege, we ran the Stowaway tool on the stable dataset (1,703 app versions).

  22. Apps Are Becoming Over-privileged (Cont.)

  23. Pre-Installed Apps • 62.61% of pre-installed apps do not change their permissions at all.

  24. Pre-Installed Apps (Cont.) • the vendors also have the ability to define their own permissions inside the platform when they customize the Android platform for their devices. • HTC_APP_UPDATE • 66.1% of pre-installed apps were over-privileged • HTCLogger

  25. Suggestions • Securing the ecosystem must start at the Android platform. • App certification should enforce checks against over-privileged requests. • App permission evolution and fluctuation indicate developer confusion in selecting legitimate permissions. • Pre-installed apps need more security.

  26. Conclusion • We have investigated how Android permissions and their use evolve in the Android ecosystem. • The number of permissions defined in the Android platform tends to increase. • Permissions cater to hardware manufacturers and their apps, rather than third-party developers.
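
The permission-collection step on slide 8 and the "at least one more Dangerous permission" measurement on slide 17 can be sketched as follows. This is an added example, not the authors' tooling: it assumes each version's AndroidManifest.xml has already been extracted and decoded to text XML, and the protection-level table, the package name `com.example.demo`, the version history and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed subset of protection levels (illustration only).
SAMPLE_LEVELS = {
    "android.permission.ACCESS_FINE_LOCATION": "dangerous",
    "android.permission.ACCESS_COARSE_LOCATION": "dangerous",
    "android.permission.VIBRATE": "normal",
}

def permissions(manifest_xml):
    """Return the permission names requested through <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def evolution(versions):
    """versions: (label, manifest_xml) pairs in release order; one record per step."""
    (prev_label, prev_xml), steps = versions[0], []
    prev = permissions(prev_xml)
    for label, xml in versions[1:]:
        cur = permissions(xml)
        added = cur - prev
        steps.append({"from": prev_label, "to": label, "added": sorted(added),
                      "removed": sorted(prev - cur),
                      "adds_dangerous": any(SAMPLE_LEVELS.get(p) == "dangerous" for p in added)})
        prev_label, prev = label, cur
    return steps

def dangerous_share(steps):
    """Fraction of permission increases that add at least one Dangerous permission."""
    increases = [s for s in steps if s["added"]]
    return sum(s["adds_dangerous"] for s in increases) / len(increases) if increases else 0.0

def manifest(*perms):  # builds a constructed, already-decoded manifest for the demo
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.demo">{body}</manifest>')

SAMPLE_VERSIONS = [  # constructed version history of a hypothetical app
    ("1.0", manifest("ACCESS_COARSE_LOCATION")),
    ("1.1", manifest("ACCESS_COARSE_LOCATION", "VIBRATE")),
    ("2.0", manifest("ACCESS_COARSE_LOCATION", "VIBRATE", "ACCESS_FINE_LOCATION")),
    ("2.1", manifest("VIBRATE", "ACCESS_FINE_LOCATION")),
]

if __name__ == "__main__":
    for step in evolution(SAMPLE_VERSIONS):
        print(step["from"], "->", step["to"], step["added"], step["adds_dangerous"])
```

A step that only removes permissions, such as 2.0 to 2.1 in the sample, is not counted as an increase.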
