An Investigation into Android Run-time Permissions from the End Users' Perspective

G.L. Scoccia, Ivano Malavolta, Marco Autili, Amleto Di Salle, Paola Inverardi

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

To protect the privacy of end users from intended or unintended malicious behaviour, the Android operating system provides a permissions-based security model that restricts access to privacy-relevant parts of the platform. Starting with Android 6, the permission system has been revamped, moving to a run-time model. Users are now prompted for confirmation when an app attempts to access a restricted part of the platform.

We conducted a large-scale empirical study to investigate how end users perceive the new run-time permission system of Android, collecting and inspecting over 4.3 million user reviews about 5,572 apps published in the Google Play Store. Among them, we identified, classified, and analyzed 3,574 permission-related reviews, employing machine learning and Natural Language Processing techniques. Out of the permission-related reviews, we determined recurring points made by users about the new permission system and classified them into a taxonomy. Results of our analysis suggest that, even with the new system, permission-related issues are widespread, with 8% of collected apps having user reviews with negative comments about permissions. We identify a number of points for improvement in the Android run-time permission system, and provide recommendations for future research.

Original language: English
Title of host publication: MOBILESoft '18 Proceedings of the 5th International Conference on Mobile Software Engineering and Systems
Place of Publication: New York, NY
Publisher: ACM
Pages: 45-55
Number of pages: 11
ISBN (Print): 9781450357128
DOIs: https://doi.org/10.1145/3197231.3197236
Publication status: Published - 1 May 2018
Event: MOBILESoft '18 Proceedings of the 5th International Conference on Mobile Software Engineering and Systems - Gothenburg, Sweden
Duration: 27 May 2018 to 28 May 2018
Conference number: 5

Conference

Conference: MOBILESoft '18 Proceedings of the 5th International Conference on Mobile Software Engineering and Systems
Abbreviated title: MOBILESoft '18
Country: Sweden
City: Gothenburg
Period: 27/05/18 to 28/05/18

Fingerprint

Application programs
Taxonomies
Learning systems

Cite this

Scoccia, G. L., Malavolta, I., Autili, M., Salle, A. D., & Inverardi, P. (2018). An Investigation into Android Run-time Permissions from the End Users' Perspective. In MOBILESoft '18 Proceedings of the 5th International Conference on Mobile Software Engineering and Systems (pp. 45-55). New York, NY: ACM. https://doi.org/10.1145/3197231.3197236