enhancing user privacy by permission removal in android phones
TRANSCRIPT
Presented by
Niha Noorain
Under the guidance of
Mrs. Shylaja L.N., B.E., M.Tech.
Associate Professor
Department of Information Science and Engineering
Introduction
Android structure
Existing system
Proposed system
Experimental setup
Permissions selection
Permissions removal
Android App permissions
Repackaging android apps
Observations
Conclusion
References
Mobile devices are now being used for many tasks.
Sensitive information is stored on a mobile device,
therefore user privacy is most important factor.
Most common OS is Android.
Google play store uses blacklist style of accepting
android apps.
Android apps are stored in APK file.
Figure 1. Overview of an
APK file structure
Apps are installed via google play store platform.
Before installing an app, user is presented with a list
of permissions that app requires.
Figure 2. Example of AndroidManifest.xml
In an android system it is identified that many apps
are over privileged.
Extra permissions may unnecessarily deter users
from installing applications.
It unnecessarily accustom users to accepting lots of
permissions.
Permission removal is relatively new but promising approach.
This approach does not require modifications to the android OS.
The methodology includes:
Experimental setup
Permission selection
Permissions removal
It includes choosing of applications to be examined
and repackaged.
A list of the applications selected along with the
permissions they requested upon installation.
The applications were chosen from the social
category of Google play store.
Table 1. App Permission Requests
Before a permission request is to be removed, it must first be
selected to be removed.
When selecting a permission to remove or block, it must not
affect the major functions of an app.
In order to determine what permissions are requested by each
application, the app was first decompiled.
The AndroidManifest.xml file obtained can then be read with
any plain-text editor.
Figure 3. Permissions
selection process
Permissions removal is used in order to improve
user privacy on android devices.
It is the process wherein an application’s package
installer is reverse engineered to remove privacy-
intruding permissions.
Figure 4. Ideal permissions removal process
It is found that the most commonly requested permissions were INTERNET, WAKE_LOCK and WRITE_EXTERNAL_STORAGE.
The next most common among the apps examined were the ACCESS_NETWORK_STATE, GET_ACCOUNTS and READ_CONTACTS permissions.
Figure 5. Alternative removal process
Angry Birds ACCESS_NETWORK_STATE
ACCESS_WIFI-STATE
ACCESS_PHONE_STATE
WRITE_EXTERNAL_STORAGE
BILLING
Rmaps INTERNET
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
From the results, it can be determined that it is
indeed possible to remove permission requests from
applications via reverse engineering and result in a
usable and privacy friendly application
The process undertaken on permissions removal
was manually completed, therefore future research
recommendations include automating this process.
[1] Quang Do,Ben Martini and Kim-Kwang Raymond Choo, “Enhancing User Privacy on Android Mobile Devices via Permissions Removal”, 47th Hawaii International Conference on System Science, 2014.
[2] Jonas Helfer and Ty Lin, “Giving the User Control over Android Permissions”, 6.858 Final Project - Fall 2012, December 2012.
[3] Wichien Choosilp and Yujian Fu, “A Case Study of Malware Detection and Removal in Android Apps”, International Journal of Mobile Network Communications & Telematics ( IJMNCT) Vol. 4, No.2, April 2014.