
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Gamba, Julien | |
| dc.contributor.author | Feal, Álvaro | |
| dc.contributor.author | Blázquez, Eduardo | |
| dc.contributor.author | Bandara, Vinuri | |
| dc.contributor.author | Razaghpanah, Abbas | |
| dc.contributor.author | Tapiador, Juan | |
| dc.contributor.author | Vallina-Rodriguez, Narseo | |
| dc.date.accessioned | 2023-07-11T13:12:10Z | |
| dc.date.available | 2023-07-11T13:12:10Z | |
| dc.date.issued | 2023-06 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12761/1715 | |
| dc.description.abstract | Android implements a permission system to regulate apps' access to system resources and sensitive user data. One salient feature of this system is its extensibility: apps can define their own custom permissions to expose features and data to other apps. However, little is known about how widespread the usage of custom permissions is, and what is the impact that these permissions can have on users' privacy and security. In this paper, we empirically study the usage of custom permissions at large scale, using a dataset of 2.2M pre-installed and app-store-downloaded apps. We find the usage of custom permissions to be widespread, and seemingly growing over time. Despite this prevalence, we find that custom permissions are virtually invisible to end users, and their purpose mostly undocumented. This lack of transparency can lead to serious security and privacy problems: we show that custom permissions can facilitate access to permission-protected system resources to apps that lack those permissions without user awareness. To detect this practice, we design and implement two static analysis tools, and highlight multiple concerning cases spotted in the wild. We conclude this study with a discussion of potential solutions to mitigate the privacy and security risks of custom permissions. | es |
| dc.description.sponsorship | Horizon Europe | es |
| dc.description.sponsorship | Spanish Ministry of Science | es |
| dc.language.iso | eng | es |
| dc.publisher | IEEE | es |
| dc.title | Mules and Permission Laundering in Android: Dissecting Custom Permissions in the Wild | es |
| dc.type | journal article | es |
| dc.journal.title | IEEE Transactions on Dependable and Secure Computing | es |
| dc.rights.accessRights | open access | es |
| dc.identifier.doi | 10.1109/TDSC.2023.3288981 | es |
| dc.page.final | 18 | es |
| dc.page.initial | 1 | es |
| dc.relation.projectID | 101021377 | es |
| dc.relation.projectID | PID2019-111429RBC2 | es |
| dc.relation.projectName | TRUST aWARE | es |
| dc.relation.projectName | ODIO | es |
| dc.subject.keyword | Android, Access control, Custom permissions, Mobile apps, Android Permissions | es |
| dc.description.refereed | TRUE | es |
| dc.description.status | pub | es |

