enhancing user privacy by permission removal in android phones

Presented by

Niha Noorain

Under the guidance of

Mrs. Shylaja L.N., B.E., M.Tech.

Associate Professor

Department of Information Science and Engineering

Introduction

Android structure

Existing system

Proposed system

Experimental setup

Permissions selection

Permissions removal

Android App permissions

Repackaging android apps

Observations

Conclusion

References

Mobile devices are now being used for many tasks.

Sensitive information is stored on a mobile device,

therefore user privacy is most important factor.

Most common OS is Android.

Google play store uses blacklist style of accepting

android apps.

Android apps are stored in APK file.

Figure 1. Overview of an

APK file structure

Apps are installed via google play store platform.

Before installing an app, user is presented with a list

of permissions that app requires.

Figure 2. Example of AndroidManifest.xml

In an android system it is identified that many apps

are over privileged.

Extra permissions may unnecessarily deter users

from installing applications.

It unnecessarily accustom users to accepting lots of

permissions.

Permission removal is relatively new but promising approach.

This approach does not require modifications to the android OS.

The methodology includes:

Experimental setup

Permission selection

Permissions removal

It includes choosing of applications to be examined

and repackaged.

A list of the applications selected along with the

permissions they requested upon installation.

The applications were chosen from the social

category of Google play store.

Table 1. App Permission Requests

Before a permission request is to be removed, it must first be

selected to be removed.

When selecting a permission to remove or block, it must not

affect the major functions of an app.

In order to determine what permissions are requested by each

application, the app was first decompiled.

The AndroidManifest.xml file obtained can then be read with

any plain-text editor.

Figure 3. Permissions

selection process

Permissions removal is used in order to improve

user privacy on android devices.

It is the process wherein an application’s package

installer is reverse engineered to remove privacy-

intruding permissions.

Figure 4. Ideal permissions removal process

It is found that the most commonly requested permissions were INTERNET, WAKE_LOCK and WRITE_EXTERNAL_STORAGE.

The next most common among the apps examined were the ACCESS_NETWORK_STATE, GET_ACCOUNTS and READ_CONTACTS permissions.

Figure 5. Alternative removal process

Angry Birds ACCESS_NETWORK_STATE

ACCESS_WIFI-STATE

ACCESS_PHONE_STATE

WRITE_EXTERNAL_STORAGE

BILLING

Rmaps INTERNET

ACCESS_FINE_LOCATION

ACCESS_COARSE_LOCATION

Whatsapp

From the results, it can be determined that it is

indeed possible to remove permission requests from

applications via reverse engineering and result in a

usable and privacy friendly application

The process undertaken on permissions removal

was manually completed, therefore future research

recommendations include automating this process.

[1] Quang Do,Ben Martini and Kim-Kwang Raymond Choo, “Enhancing User Privacy on Android Mobile Devices via Permissions Removal”, 47th Hawaii International Conference on System Science, 2014.

[2] Jonas Helfer and Ty Lin, “Giving the User Control over Android Permissions”, 6.858 Final Project - Fall 2012, December 2012.

[3] Wichien Choosilp and Yujian Fu, “A Case Study of Malware Detection and Removal in Android Apps”, International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014.