UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control
Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7311 https://ink.library.smu.edu.sg/context/sis_research/article/8314/viewcontent/icse_22.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8314 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-83142022-09-29T07:32:53Z UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control DUAN, Mulin JIANG, Lingxiao SHAR, Lwin Khin GAO, Debin Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but every permission is only managed at the application level, allowing apps to (mis)use permissions granted by users at the beginning for different purposes subsequently without informing users. Based on privacy-by-design principles, this paper develops a new permission manager, named UIPDroid, that (1) enforces the users' basic right-to-know through user interfaces whenever an app uses permissions, and (2) provides a more fine-grained UI widget-level permission control that can allow, deny, or produce fake private data dynamically for each permission use in the app at the choice of users, even if the permissions may have been granted to the app at the application level. In addition, to make the tool easier for end users to use, unlike some other root-based solutions, our solution is root-free, developed as a module on top of a virtualization framework that can be installed onto users' device as a usual app. Our preliminary evaluation results show that UIPDroid works well for finegrained, per-widget control of contact and location permissions implemented in the prototype tool, improving users' privacy awareness and their protection. The tool is available at https://github.com/pangdingzhang/Anti-Beholder; A demo video is at: https://youtu.be/dT-mq4oasNU 2022-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7311 info:doi/10.1109/ICSE-Companion55297.2022.9793833 https://ink.library.smu.edu.sg/context/sis_research/article/8314/viewcontent/icse_22.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android Permission Management Rootless VirtualXposed Databases and Information Systems Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android Permission Management Rootless VirtualXposed Databases and Information Systems Software Engineering |
| spellingShingle |
Android Permission Management Rootless VirtualXposed Databases and Information Systems Software Engineering DUAN, Mulin JIANG, Lingxiao SHAR, Lwin Khin GAO, Debin UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| description |
Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but every permission is only managed at the application level, allowing apps to (mis)use permissions granted by users at the beginning for different purposes subsequently without informing users. Based on privacy-by-design principles, this paper develops a new permission manager, named UIPDroid, that (1) enforces the users' basic right-to-know through user interfaces whenever an app uses permissions, and (2) provides a more fine-grained UI widget-level permission control that can allow, deny, or produce fake private data dynamically for each permission use in the app at the choice of users, even if the permissions may have been granted to the app at the application level. In addition, to make the tool easier for end users to use, unlike some other root-based solutions, our solution is root-free, developed as a module on top of a virtualization framework that can be installed onto users' device as a usual app. Our preliminary evaluation results show that UIPDroid works well for finegrained, per-widget control of contact and location permissions implemented in the prototype tool, improving users' privacy awareness and their protection. The tool is available at https://github.com/pangdingzhang/Anti-Beholder; A demo video is at: https://youtu.be/dT-mq4oasNU |
| format |
text |
| author |
DUAN, Mulin JIANG, Lingxiao SHAR, Lwin Khin GAO, Debin |
| author_facet |
DUAN, Mulin JIANG, Lingxiao SHAR, Lwin Khin GAO, Debin |
| author_sort |
DUAN, Mulin |
| title |
UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| title_short |
UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| title_full |
UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| title_fullStr |
UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| title_full_unstemmed |
UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control |
| title_sort |
uipdroid: unrooted dynamic monitor of android app uis for fine-grained permission control |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7311 https://ink.library.smu.edu.sg/context/sis_research/article/8314/viewcontent/icse_22.pdf |
| _version_ |
1770576309420818432 |