Android permission system and user privacy — A review of concept and approaches

Abstract

Use of smartphones in our everyday life has become widely popular. A large proportion of smartphones use Android OS, which supports third party software development, so there is increasing number of developers developing applications for the android platform. But this means there are significant privacy risks associated with the use of android based smartphone applications. In this paper the process through which different apps gain access to sensitive device permissions when installed on an android devices is studied. More specifically we emphasize the difficulty for the user to understand how different device permissions can affect its privacy. The context and use-case for each permission affects its impact and when multiple permissions are granted determining the potential impact on the privacy of users becomes a much more complex problem. In this work we quantify the potential impact of the most important individual permissions and take some first steps towards an evaluation of privacy impact of multiple device permissions. It is also noted that many ‘free’ apps tend to request unnecessary or redundant permissions, often with the aim to gather valuable user data. This is discussed and some strategies to discourage such permission requesting are outlined. Some ideas for further development of this research are provided in the concluding discussion.