Managing App Permissions on Android

1. Introduction to App Permissions on Android

Permissions ensure users remain in control of their personal information and access rights when executing applications on a device. Smartphone users should understand what information the application is accessing before deciding to install or execute it to guard the device. Android permission-managing capabilities are integrated with the Android OS to provide users with control over the installed applications and make the execution contexts aware of the requested resources. The design of the Android permissions framework is governed by the principle of access with user permission. Due to the under-exploitation of permission restriction, users remain excessively uncertain about their privacy and data when they use the platform. Other projects for smartphones have realized permission-aware devices. For example, in the AndroidDrone research, Qian et al. designed AppFence and constructed an architecture for the exploration and protection of OS permission policy enforcement, as well as a tool to guarantee the methods on applications. Spreitzenbarth et al. proposed a forensic approach that mapped sensitive permissions alongside popular applications, analyzed the risks associated with the permissions, and examined app developers' privacy compliance. Amuri et al. advocated the elimination of permissions, attempting to provide user-supported permission management services while enhancing and protecting user privacy. Similar to these projects and research studies, the Android permission mechanism has been a heavily focused topic over the past few years, but the lack of compatible permission management experience for the user-oriented interface is palpable.

Even though user awareness of app permissions has been regarded as one of the most privacy-related security concerns in the literature, current research has focused on detecting permission over-extensions and deficiencies. Research on how users actually manage application permissions on smartphones is limited. To fill this void, this paper presents a comprehensive guide on permission management on Android. More specifically, we intend to examine the implications of permission management for the data security of devices, explore how current smartphones support permission management, and understand how users are managing permission requests. The ultimate goal is to provide a number of practical design implications that can help researchers and practitioners develop management tools for smartphone system protection.

In the Android operating system, an app usually requires user permission to access sensitive data (e.g., contacts, messages) or system features (e.g., GPS, camera). This is regarded as required system protection, and users are clearly informed about the permissions required when installing the application. However, most users simply accept the default permission set when installing applications, as considering or managing permission requests is generally considered an unnecessary burden. After granting the required permissions, the user may forget about permission management and lose control over which apps have access to data on their device.

2. Understanding Different Types of App Permissions

- Device: App access to the phone hardware configurations like camera, Wi-Fi, etc. - Camera: App access to the phone camera. - Location: App access to the phone location. - Mic: App access to the phone microphone. - SMS: App access to the incoming SMS. - Call: App access to receive phone calls. - Internet: Internet access. - Storage: The storage of the device.

You give app permission when you install an app on your Android device. Some apps require many permissions, and some require rarely. You usually give app permissions without a second thought, but did you ever think about what permission you give or which permission is granted by what app on your device? In most cases, you don't need to worry, but for better understanding, let's see first what types of permissions usually apps ask for on Android. The types are, but not limited to:

3. Methods to Manage App Permissions on Android

Another way of managing app permissions is by accessing it through the notification shade. This method might not work for everyone since some Android updates might disable showing the gear icon on the notification shade. However, if you belong to the group of users who are still able to do this through the notification shade, don't worry. Just tap on the gear icon, if it's available, and scroll down and look for an entry that says "Apps." Once you are in the apps menu, you first have to select the app that you want to edit the permissions for. All you have to do next is tap the "App Permissions" setting and you're good to go.

2. Accessing app permissions via notification shade

The easiest way to access each app's permission settings is via the device's settings. Usually, settings come with a gear icon that is found within the app drawer or on the notification shade. You may also find it by touching and launching the cogs icon on the quick settings. Go to "Apps," right after you have found it. This screen will display a list of all apps installed on your device. Touching any app will display the app permission settings. You may also access the permissions for certain apps that do not have any available settings for permissions.

1. Access app permissions via settings

There are several ways to access the app permissions management screen. Remember that it may vary based on your device manufacturer or Google's update on the software. Here are some primary methods.

4. Best Practices for App Permission Management

Consumers should limit app permissions and check the apps that they install. Permission control for Android users is available on the Google Play security settings. Avoid sideloading while only using apps from trusted app stores. Review and evaluate the apps that they install and understand what permissions the app requires and why it needs them. Lastly, they should keep apps up to date and monitor excessive data usage. This is because some apps can access the network during the background using data in mobile and decrease device performance.

App developers must remember to ask for permission for resources on runtime. Android has a new permission model where they will ask for specific access on function calls. They should not declare unnecessary permissions that can violate the user's privacy. Android has several groups of permissions like the camera and VCR, other user contacts (reading contacts from other apps), and Bluetooth. For app developers, they locate permissions insecure and hone resource conventions at runtime.

It is not always the device user's fault that particular permissions don't work properly. Mistakes that app developers or device owners make are also reasons for this happening. There are best practices for app permission management that can guide these mistakes.

5. Future Trends in App Permission Management

Smartphones contain personal information like emails, photos, and messages which can be accessed by apps in order to tailor their content to the user or enhance app functionality. Each association requires separate permissions that the user has to approve individually which leads to the permission overload problem. They tested the standard approach and a simplified permission list approach containing only a subset of the currently requested permissions. The evaluation results show that the simplified permission list model significantly improves user decision confidence and encourages them to apply the principle of least privilege when deciding on the permission.

Ever-growing permission models for app permissions are known for their overwhelming complexity and might lead to users making poor security decisions. Android permissions have evolved over the past years from a very coarse, install-time decision on a predefined set of permissions to permission groups and on-demand requests. In this chapter, we have presented a comprehensive study of different Android permission management approaches for different permission models. We also have explained the current challenges of the current Android permission model and made a comprehensive comparison of all the available app permission management schemes available in the literature. Finally, we present best practices in enhanced permission management for various permission models.