An Empirical History of Permission Requests and Mistakes in Open Source Android Apps

Abstract

Android applications (apps) rely upon proper permission usage to ensure that the user’s privacy and security are adequately protected. Unfortunately, developers frequently misuse app permissions in a variety of ways, ranging from requesting too many permissions to not correctly adhering to Android’s defined permission guidelines. The implications of these permission-issues (possible permission problems) can range from harming the user’s perception of the app to significantly impacting their privacy and security. An essential component of creating more secure apps that better protect a user’s privacy is an improved understanding of how and when these issues are introduced and repaired. While there are existing permission-analysis tools and Android datasets, there are no available datasets that contain a large-scale empirical history of permission changes and mistakes. This limitation inhibits both developers and researchers from empirically studying and constructing a holistic understanding of permission-related issues. To address this shortfall in existing resources, we created a dataset of permission-based changes and permission-issues in open source Android apps. Our unique dataset contains information from 2,002 apps with commits from 10,601 unique committers, totaling 789,577 commits. We accomplished this by mining app repositories from F-Droid, extracting their version and commit histories, and analyzing this information using two permission analysis tools. Our work creates the foundation for future research in permission decisions and mistakes. Complete project details and data are available on our project website: https://mobilepermissions.github.io.
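The abstract describes extracting permission changes from an app's commit history. The following is an added illustration, not code from the paper or the project website, of the core step such a pipeline needs: diffing the `<uses-permission>` declarations in `AndroidManifest.xml` across successive commits to produce per-commit add/remove events. The manifest snapshots and commit identifiers are constructed for the example, and the paper's own tooling and issue categories are not reproduced here.

```python
"""Per-commit Android permission change extraction from AndroidManifest.xml snapshots.

Added example (not the paper's code). Input is a chronological list of
(commit_id, manifest_xml) pairs, e.g. as obtained by walking `git log` for the
manifest path; here the snapshots are constructed inline.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of permission names a manifest requests.

    Both <uses-permission> and <uses-permission-sdk-23> are counted; duplicate
    declarations collapse into one entry because a set is returned.
    """
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in PERMISSION_TAGS:
        for el in root.iter(tag):
            name = el.get("{%s}name" % ANDROID_NS)
            if name:
                perms.add(name)
    return perms


def permission_changes(history):
    """Walk manifest snapshots in order and emit (commit, added, removed) events.

    Commits whose manifest leaves the permission set unchanged are skipped, so
    the result is exactly the list of permission-changing commits.
    """
    events = []
    prev = set()
    for commit, xml in history:
        cur = declared_permissions(xml)
        added, removed = sorted(cur - prev), sorted(prev - cur)
        if added or removed:
            events.append((commit, added, removed))
        prev = cur
    return events


# Constructed sample history (hypothetical package and commit ids).
MANIFEST_V1 = """<manifest xmlns:android="%s" package="org.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>""" % ANDROID_NS

MANIFEST_V2 = """<manifest xmlns:android="%s" package="org.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application/>
</manifest>""" % ANDROID_NS

# v3 drops READ_CONTACTS and (redundantly) declares INTERNET twice.
MANIFEST_V3 = """<manifest xmlns:android="%s" package="org.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application/>
</manifest>""" % ANDROID_NS

SAMPLE_HISTORY = [("c1", MANIFEST_V1), ("c2", MANIFEST_V2), ("c3", MANIFEST_V3)]


if __name__ == "__main__":
    for commit, added, removed in permission_changes(SAMPLE_HISTORY):
        print(commit, "added:", added, "removed:", removed)
```

In a real mining run the history list would come from iterating the repository's commits touching the manifest path; the diff logic above is the same regardless of how the snapshots are obtained.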

Publication
Proceedings of the 16th International Conference on Mining Software Repositories
Anthony S. Peruma
Assistant Professor

My research interests include program comprehension and software refactoring.