
Android Permissions Remystified: A Field Study on Contextual Integrity (1504.03747v1)

Published 15 Apr 2015 in cs.CR

Abstract: Due to the amount of data that smartphone applications can potentially access, platforms enforce permission systems that allow users to regulate how applications access protected resources. If users are asked to make security decisions too frequently and in benign situations, they may become habituated and approve all future requests without regard for the consequences. If they are asked to make too few security decisions, they may become concerned that the platform is revealing too much sensitive information. To explore this tradeoff, we instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications are accessing protected resources regulated by permissions. We performed a 36-person field study to explore the notion of "contextual integrity," that is, how often are applications accessing protected resources when users are not expecting it? Based on our collection of 27 million data points and exit interviews with participants, we examine the situations in which users would like the ability to deny applications access to protected resources. We found out that at least 80% of our participants would have preferred to prevent at least one permission request, and overall, they thought that over a third of requests were invasive and desired a mechanism to block them.

Citations (193)

Summary

  • The paper found that 75.1% of permission requests happen invisibly and users would block 35% of permissions if shown contextual screenshots.
  • User decisions to block permissions are heavily influenced by whether the app is visible or running invisibly in the background.
  • Findings suggest future permission systems should use dynamic, contextual dialogues tailored to user behavior and app visibility.

Analyzing User Expectations in Mobile App Permissions: A Study on Android's Contextual Integrity

The paper "Android Permissions Remystified: A Field Study on Contextual Integrity" investigates the dynamics of smartphone application permissions, the frequency and context in which permission requests occur, and user perceptions surrounding them. Conducted by Wijesekera et al. at the University of British Columbia and the University of California, Berkeley, the field study aims to offer insights into the contextual integrity of Android's permission system through a combination of empirical data collection and user surveys.

Permission Dynamics in Mobile Platforms

Android, like other mobile operating systems, employs permission models to regulate application access to sensitive resources including personal data and sensor information. Despite the intention for these models to afford users control over their data privacy, the reality is often compromised by user habituation and insufficient clarity about application needs at the point of permission requests. The paper highlights that existing permissions systems can sometimes fail to align with user expectations of privacy, thereby challenging the principle of contextual integrity as posited by Nissenbaum.

Data Collection and User Perception

The authors modified Android to log every access an app made to permission-protected resources, accumulating 27 million data points from 36 participants over a week. The paper showed that 75.1% of these requests occurred when the applications were invisible to the user—either running in the background or while the device screen was off. Participants, often uninformed or surprised by these invisible requests, expressed preferences to block 35% of permissions when confronted with screenshots of their device at the time of access.

Implications for Permission Models

Through exit surveys, participants revealed key decision factors around blocking permissions: perceived irrelevance to app functionality and privacy concerns. Interestingly, blocking decisions were heavily influenced by the visibility and activity of the requesting application. Invisible requests were substantially more likely to be deemed invasive compared to requests originating from apps that the user was actively engaging with.

Modeling User Preferences

The paper attempted to build a predictive model of user blocking behavior based on the permission type and user context data collected. The mixed-effects binary logistic regression models indicated that significant variance in the decision to block permissions was attributable to individual user preferences and the situational context of the permission request, suggesting that system designers need granular, adaptable solutions for user permissions.

Future Prospects and Recommendations

The paper’s findings suggest crucial improvements for future permission systems: prioritizing runtime permission dialogues tailored to individual user behaviors and contexts to preserve contextual integrity. This involves dynamically adjusting notifications based on app visibility and inferring the necessity of permissions, to reduce user habituation and raise security awareness. Moving forward, further research is recommended to explore more sophisticated contextual cues and feedback mechanisms that better inform user decisions and enhance transparency in permissions usage.
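The visibility split described under "Data Collection and User Perception" and the visibility-aware prompting recommended above can be sketched over an access log. This is an added example, not code from the paper or its instrumentation: the record fields, the sample log, and the prompt-once-per-combination rule are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Access:
    app: str          # requesting package (constructed name)
    permission: str   # permission guarding the resource
    screen_on: bool   # device screen state at access time
    foreground: bool  # app had a visible activity at access time

def is_visible(a: Access) -> bool:
    # Invisible covers both cases the summary names: the app is in the
    # background, or the screen is off. Visible requires neither.
    return a.screen_on and a.foreground

def invisible_share(log):
    """Per-permission fraction of accesses made while the app was invisible."""
    total, hidden = Counter(), Counter()
    for a in log:
        total[a.permission] += 1
        if not is_visible(a):
            hidden[a.permission] += 1
    return {p: hidden[p] / total[p] for p in total}

def prompts_needed(log):
    """Assumed policy: ask once per new (app, permission, visibility)
    combination, so repeat accesses in a known context stay silent."""
    seen, prompts = set(), []
    for a in log:
        key = (a.app, a.permission, is_visible(a))
        if key not in seen:
            seen.add(key)
            prompts.append(key)
    return prompts

# Constructed sample log, not data from the study.
SAMPLE_LOG = [
    Access("com.example.maps", "ACCESS_FINE_LOCATION", True, True),
    Access("com.example.maps", "ACCESS_FINE_LOCATION", True, True),
    Access("com.example.maps", "ACCESS_FINE_LOCATION", False, False),
    Access("com.example.flashlight", "ACCESS_FINE_LOCATION", True, False),
    Access("com.example.flashlight", "READ_CONTACTS", False, False),
    Access("com.example.chat", "READ_CONTACTS", True, True),
]

if __name__ == "__main__":
    print(invisible_share(SAMPLE_LOG))
    for app, perm, visible in prompts_needed(SAMPLE_LOG):
        print(f"prompt: {app} {perm} ({'visible' if visible else 'invisible'})")
```

Keying the prompt on visibility means an app already approved while on screen still triggers a fresh decision the first time it uses the same permission invisibly.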

In essence, the paper provides a significant contribution to the ongoing discourse on mobile security, advocating for more nuanced, user-centered permission systems that adeptly balance transparency, security, and usability.