IEEE Access (Jan 2020)
A Comprehensive Analysis of the Android Permissions System
Abstract
Android is one of the most essential and highly used operating systems. Android permissions system is a core security component that offers an access-control mechanism to protect system resources and users’ privacy. As such, it has experienced continuous change over each Android release. However, previous research on the permissions system has employed static analysis techniques. Furthermore, most of these studies are outdated, covering older versions of Android. This paper aims to discuss the permissions system intensively to provide a nutshell overview of the Android platform’s access-control mechanism. The paper presents a comprehensive analysis of the Android permissions system since it was introduced in 2008 until now, accompanied by a formal model of its components. The results of the analysis reveal a continuous growth in the number of permissions since the original release—a growth of seven times in some permission categories. A case study has been conducted for the last five years’ versions of the top Android apps to examine the permissions system’s evolution and its attendant security issues from the applications’ perspective. Some apps showed an increase in permissions usage of 73.33% by the 2020 release. Additionally, the results of the case study contribute to the understanding of permissions deployment by both vendors and developers. Finally, a discussion of the permission-based security enhancements discloses that the Android permissions system faces various security issues. In general, this paper provides researchers and academics an up-to-date, comprehensive, self-contained reference study of the Android permissions system.
Keywords