The Android OS market is experiencing a growing share globally. It is becoming the mobile platform of choice for an increasing number of users. People rely on Android mobile devices for surfing the web, purchasing products, or to be part of a social network. The large amount of personal information that is exchanged makes privacy an important concern. As a result, the trustability of mobile apps is a fundamental aspect to be considered, particularly with regard to meeting the expectations of end users. The rigidities of the Android permission model confine end users into a secondary role, offering the only option of choosing between either privacy or functionalities. In this paper, we aim at improving the trustability of Android apps by proposing a user-centric approach to the flexible management of Android permissions. The proposed approach empowers end users to selectively grant permission by specifying (i) the desired level of permissions granularity and (ii) the specific features of the app in which the chosen permission levels are granted. Four experiments have been designed, conducted, and reported for evaluating it. The experiments consider performance, usability, and acceptance from both the end user's and developer's perspective. Results confirm confidence on the approach.

Enhancing Trustability of Android Applications via User-Centric Flexible Permissions

Gian Luca Scoccia
;
Amleto Di Salle;Paola Inverardi
2021-01-01

Abstract

The Android OS market is experiencing a growing share globally. It is becoming the mobile platform of choice for an increasing number of users. People rely on Android mobile devices for surfing the web, purchasing products, or to be part of a social network. The large amount of personal information that is exchanged makes privacy an important concern. As a result, the trustability of mobile apps is a fundamental aspect to be considered, particularly with regard to meeting the expectations of end users. The rigidities of the Android permission model confine end users into a secondary role, offering the only option of choosing between either privacy or functionalities. In this paper, we aim at improving the trustability of Android apps by proposing a user-centric approach to the flexible management of Android permissions. The proposed approach empowers end users to selectively grant permission by specifying (i) the desired level of permissions granularity and (ii) the specific features of the app in which the chosen permission levels are granted. Four experiments have been designed, conducted, and reported for evaluating it. The experiments consider performance, usability, and acceptance from both the end user's and developer's perspective. Results confirm confidence on the approach.
2021
Android permissions, static analysis, trustability
File in questo prodotto:
File Dimensione Formato  
2021_TSE_47_Scoccia.pdf

non disponibili

Tipologia: Versione Editoriale (PDF)
Licenza: Non pubblico
Dimensione 4.29 MB
Formato Adobe PDF
4.29 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12571/30355
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 15
  • ???jsp.display-item.citation.isi??? 6
social impact