Modern smartphone operating systems (OSs) have been developed with a greater emphasis on security and protecting privacy. One of the security mechanisms these systems use is the permission system. We perform an analysis of the Android permission system in an attempt to begin answering some of the questions that have arisen about its design and implementation. We developed PScout, a tool that extracts the permission specification from the Android OS source code using static analysis, and analyzed 5 versions of Android spanning version 2.2 up to the recently released Android 4.1. Our main findings are that while there is little redundancy in the permission specification, if applications could be constrained to only use documented APIs, then about 18-26% of the non-system permissions can be hidden. Finally, we find that a trade-off exists between enabling least-privilege security with fine-grained permissions and maintaining stability of the permission specification as the Android OS evolves.
Identifier | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:OTU.1807/35108 |
Date | 18 March 2013 |
Creators | Au, Kathy Wain Yee |
Contributors | Lie, David |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | en_ca |
Detected Language | English |
Type | Thesis |