6 research outputs found

    Automatically Granted Permissions in Android apps: An Empirical Study on their Prevalence and on the Potential Threats for Privacy

    Developers continuously update their Android apps to keep up with competitors in the market. Such constant updates do not bother end users, since by default the Android platform automatically pushes the most recent compatible release on the device, unless there are major changes in the list of requested permissions that users have to explicitly grant. The lack of explicit user approval for each application update, however, may lead to significant risks for the end user, as the new release may include new subtle behaviors which may be privacy-invasive. The introduction of permission groups in the Android permission model makes this problem even worse: if a user gives a single permission within a group, the application can silently request further permissions in this group with each update, without having to ask the user. In this paper, we explain the threat that permission groups may pose for the privacy of Android users. We run an empirical study on 2,865,553 app releases, and we show that in a representative app store more than ~17% of apps request at least once in their lifetime new dangerous permissions that the operating system grants without any user approval. Our analyses show that apps actually use over 56% of such automatically granted permissions, although most of their descriptions do not explicitly explain for what purposes. Finally, our manual inspection reveals clear abuses of apps that leak sensitive data such as the user's accurate location, list of contacts, history of phone calls, and emails, which are protected by permissions that the user never explicitly acknowledges.

    Understanding the Evolution of Android Applications

    Google released the first version of Android in September 2008, and it quickly grew to become the most popular mobile operating system, with a market share of over 75% as of May 2019. Not only has the operating system changed a lot in the last 10 years, but applications have also been constantly updated to keep up with both the continuous changes of the system and user requests. With such frequent updates, it can be difficult for final users or app store managers to understand what really changes between two releases of the same app, and whether updating an app could be a threat. In this thesis we focus on understanding how Android applications evolve, concentrating our research on analyzing subtle changes in the behavior that may pose security and privacy threats. Our first contribution is an analysis of how permission requests evolve in Android applications. In this work we confirm some trends already reported in the literature, such as applications increasing the number of requested permissions over time, and also present new findings, such as showing that the addition or removal of permissions and functionalities is not always correlated. Following the results of the first study, where we focused only on permission requests, we perform a broader and more in-depth analysis which takes into consideration multiple aspects of applications. We combine information extracted with different static and dynamic analyses, such as information flows, layout changes and libraries used, to report insights on the evolutionary behavior of applications. We show that new information flows in 18% of the cases occur without any change in the user interface, and thus are very hard for the user to notice. The third contribution of this thesis is part of a collaboration on a study performed on parental control applications: those apps, which target a more sensitive user base, should pay particular attention to security and privacy issues. We show that these apps are on average more permission-hungry than the top 150 apps in the Google Play Store, and report some privacy issues discovered, such as the use of libraries which forbid in their Terms of Service their use in children-oriented applications. The fourth contribution is a study on the threat that permission groups in the Android permission model introduced with Android 6 can pose to users. With the new model dangerous permissions are divided into groups, and automatically granted by Android if an app already has another permission within the same group. We investigate how often developers ask for permissions that the OS would automatically grant, and if developers are taking advantage of this behavior to access sensitive user data, reporting that in fact this is the case. Finally, all the analysis techniques that we implemented for our studies are integrated in Cartographer, an analysis framework created as part of the work of this thesis, and which we made available to the research community.

    ----------SUMMARY----------

    Google released the first version of Android in September 2008, and it quickly grew to become the most popular mobile operating system, with a market share above 75% in May 2019. Not only has the operating system changed significantly in the last 10 years, but applications are also continuously updated to keep up with the constant changes of the system and the needs of users. With all these constant changes, it can be difficult for end users or app store administrators to understand what has really changed between two versions of the same app, and whether updating it can be a threat. In this thesis we focus on analyzing how Android applications evolve, centering our research on security and privacy. Our first contribution is an analysis of how permission requests evolve in Android applications. In this work we confirm some trends already reported in the literature, such as applications increasing the number of requested permissions over time. We also present new findings, such as that the addition or removal of permissions and functionalities is not always correlated. Following the results of the first study, where we focused only on permission requests, we perform a broader and more in-depth analysis that takes into account several aspects of applications. We combine the extracted data, such as information flows, layout changes and libraries used, to report the evolutionary behavior of applications, showing that the inclusion of a new information flow within the application is completely transparent to users in 18% of the cases. The third contribution of this thesis is a study performed on parental control applications: these applications, which have very vulnerable users, must pay special attention to security and privacy. We show that these applications request, on average, more permissions than the 150 most downloaded applications in the Google Play Store. We also report some privacy issues, such as the use of libraries whose terms of use forbid their inclusion in applications intended for use by children. The fourth contribution is a study on the threat that the permission groups introduced in Android 6 can pose to users. Starting from this version, permissions are divided into groups, and if an app has already been granted one permission in the group and requests a new one, the new one is accepted automatically. We investigate how common this behavior is and whether developers are abusing it to access sensitive information of their users. Our analyses show that this does indeed happen. Finally, all the analysis techniques implemented for our studies were integrated into Cartographer, an analysis framework created as part of the work of this thesis and which we have made available to the research community.

    How do apps evolve in their permission requests?: a preliminary study

    We present a preliminary study to understand how apps evolve in their permission requests across different releases. We analyze over 14K releases of 227 Android apps, and we see how permission requests change and how they are used. We find that apps tend to request more permissions in their evolution, and many of the newly requested permissions are initially overprivileged. Our qualitative analysis, however, shows that the results that popular tools report on overprivileged apps may be biased by incomplete information or by other factors. Finally, we observe that when apps no longer request a permission, it does not necessarily mean that the new release offers less in terms of functionalities.

    What did really change with the new release of the app?

    The mobile app market is evolving at a very fast pace. In order to stay in the market and fulfill users' growing demands, developers have to continuously update their apps either to fix issues or to add new features. Users and market managers may have a hard time understanding what really changed in a new release though, and therefore may not make an informed guess of whether updating the app is recommendable, or whether it may pose new security and privacy threats for the user. We propose a ready-to-use framework to analyze the evolution of Android apps. Our framework extracts and visualizes various information (such as how an app uses sensitive data, which third-party libraries it relies on, which URLs it connects to, etc.) and combines it to create a comprehensive report on how the app evolved. Besides, we present the results of an empirical study on 235 applications with at least 50 releases using our framework. Our analysis reveals that Android apps tend to have more leaks of sensitive data over time, and that the majority of API calls related to dangerous permissions are added to the code in releases later than the one where the corresponding permission was requested.

    Angel or Devil? A Privacy Study of Mobile Parental Control Apps

    Android parental control applications are used by parents to monitor and limit their children’s mobile behaviour (e.g., mobile apps usage, web browsing, calling, and texting). In order to offer this service, parental control apps require privileged access to system resources and access to sensitive data. This may significantly reduce the dangers associated with kids’ online activities, but it raises important privacy concerns. These concerns have so far been overlooked by organizations providing recommendations regarding the use of parental control applications to the public.