Abstract
Cyberattacks and malware infestation are issues that surround most operating systems (OS) these days. In smartphones, Android OS is more susceptible to malware infection. Although Android has introduced several mechanisms to avoid cyberattacks, including Google Play Protect, dynamic permissions, and sign-in control notifications, cyberattacks on Android-based phones are prevalent and continuously increasing. Most malware apps use critical permissions to access resources and data to compromise smartphone security. One of the key reasons behind this is the lack of knowledge for the usage of permissions in users. In this paper, we introduce Permission-Educator, a cloud-based service to educate users about the permissions associated with the installed apps in an Android-based smartphone. We developed an Android app as a client that allows users to categorize the installed apps on their smartphones as system or store apps. The user can learn about permissions for a specific app and identify the app as benign or malware through the interaction of the client app with the cloud service. We integrated the service with a web server that facilitates users to upload any Android application package file, i.e. apk, to extract information regarding the Android app and display it to the user.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Android for Developers (2019). https://developer.android.com/. Accessed 24 Apr 2020
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)
Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3–24. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_1
Mathew, R.: Study of privilege escalation attack on android and its countermeasures (2012)
Mathur, A., Podila, L.M., Kulkarni, K., Niyaz, Q., Javaid, A.Y.: NATICUSdroid: a malware detection framework for android using native and custom permissions. J. Inf. Secur. Appl. 58, 102696 (2021)
Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_6
Alepis, E., Patsakis, C.: Unravelling security issues of runtime permissions in android. J. Hardw. Syst. Secur. 3(1), 45–63 (2018). https://doi.org/10.1007/s41635-018-0053-2
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: SOUPS 2012 - Proceedings of the 8th Symposium on Usable Privacy and Security (2012)
Ramachandran, S., et al.: Understanding and granting android permissions: a user survey. In: Proceedings - International Carnahan Conference on Security Technology, pp. 1–6 (2017)
Scoccia, G.L., Malavolta, I., Autili, M., Di Salle, A., Inverardi, P.: User-centric android flexible permissions. In: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017, (i), pp. 365–367 (2017)
Oglaza, A., Laborde, R., Benzekri, A., Barrère, F.: A recommender-based system for assisting non technical users in managing android permissions. In: Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016, pp. 1–9 (2016)
Hamed, A., Ayed, H.K.B.: Privacy risk assessment and users’ awareness for mobile apps permissions. In: Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA (2016)
Moussa, M., Di Penta, M., Antoniol, G., Beltrame, G.: ACCUSE: helping users to minimize android app privacy concerns. In: Proceedings - 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2017, pp. 144–148 (2017)
Mathur, A., Ewoldt, E.: Permission Educator App. https://github.com/akshaymathur05/Permission_Educator
VirusTotal. www.virustotal.com/. Accessed 05 July 2021
Jinja2. https://jinja.palletsprojects.com/en/3.0.x/. Accessed 05 July 2021
Flask (web framework) (2012). https://en.wikipedia.org/wiki/Flask_(web_framework). Accessed 05 July 2021
Acknowledgement
This project was partially supported by National Science Foundation Grant Awards #1903419 and #1903423.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Mathur, A., Ewoldt, E., Niyaz, Q., Javaid, A., Yang, X. (2022). Permission-Educator: App for Educating Users About Android Permissions. In: Kim, JH., Singh, M., Khan, J., Tiwary, U.S., Sur, M., Singh, D. (eds) Intelligent Human Computer Interaction. IHCI 2021. Lecture Notes in Computer Science, vol 13184. Springer, Cham. https://doi.org/10.1007/978-3-030-98404-5_34
Download citation
DOI: https://doi.org/10.1007/978-3-030-98404-5_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98403-8
Online ISBN: 978-3-030-98404-5
eBook Packages: Computer ScienceComputer Science (R0)