TRUST Security Seminar: Do Static Permission Systems Work?
Seminar | December 2 | 1-2 p.m. | Soda Hall, Wozniak Lounge
Adrienne Felt, University of California, Berkeley
Team for Research in Ubiquitous Security Technologies
Several new application platforms use static permission systems to restrict access to system API resources. Two prominent examples are the Android OS application platform and the Google Chrome extension system. Developers request permissions for their applications, and the user decides during installation whether those permissions are acceptable. A static permission system serves two purposes. First, it can alert users to potential malware: a user should be alarmed if a simple game wants the ability to wipe all files from a device. Second, it should reduce the average impact of an application vulnerability because each application is strictly limited to a subset of the API. For either of these goals to be met, “dangerous” permissions must be uncommon. If all applications have dangerous permissions, then users cannot differentiate between malicious and benign applications and the average impact of an application vulnerability will still be high. We perform large-scale surveys of Android applications and Google Chrome extensions. We determine the prevalence of dangerous permissions and examine whether developers request unnecessary permissions. We also study the effect of the permission systems on users: we chart popularity against permission level, and we survey comments on application pages to see whether users question developers about their applications’ permissions.