SPLASH 2014
Mon 20 - Fri 24 October 2014 Portland, Oregon, United States
Tue 21 Oct 2014 11:30 - 12:00 at Medford - Technical Paper Session

One of the most common security & privacy issues concerning mobile applications is unnecessary access to sensitive information and resources. In a mobile application platform like Android, where a permission mechanism is used to maintain access control, the app developer dictates what permissions are necessary at install time. For various reasons, however, including user confusion and lack of proper documentation, developers may overcompensate by requesting more permissions than necessary, thus undermining the access control mechanism and increasing the potential risk from a vulnerability exploit. In this paper we present PermitMe, a tool developed as a plugin for the Eclipse IDE, to interactively guide developers on the set of required permissions when creating Android applications. We conducted a between-groups user study to evaluate the effectiveness, efficiency, and usability of the PermitMe tool in enhancing the developer’s experience when deciding which Android permissions to include in their mobile applications.