This paper is about Android Permissions and figures out if developers use the least permission system or tries to gain as many permissions as possible. In order to accomplish this, they created a program called Stowaway that analyzed the API calls and compared the API calls to a permission map to see if some apps are over privileged. On the test set of about 1k apps, only about 1/3 are over privileged. Within these, about half only ask for one more permission than necessary. And only about 6% ask for 4 or more permissions than needed.
This over privileged nature of apps can be partially attributed to a confusing permission map and developers have to check blogs and ask questions and in the end many developers have to guess. Developers also add permissions because they believe it is needed to make their application function properly. Most of the problems occur due to lack of developer understanding.
http://dl.acm.org/citation.cfm?id=2046707.2046779
No comments:
Post a Comment