Application permissions

Permissions are a means of controlling and regulating access to specific system- and device-level functions by software. Typically, types of permissions cover functions that may have privacy implications, such as the ability to access a device's hardware features (including the camera and microphone), and personal data (such as storage devices, contacts lists, and the user's present geographical location). Permissions are typically declared in an application's manifest, and certain permissions must be specifically granted at runtime by the user—who may revoke the permission at any time.

Permission systems are common on mobile operating systems, where permissions needed by specific apps must be disclosed via the platform's app store.

Mobile devices

On mobile operating systems for smartphones and tablets, typical types of permissions regulate:^[1][2]

• Access to storage and personal information, such as contacts, calendar appointments, etc.
• Location tracking.
• Access to the device's internal camera and/or microphone.
• Access to biometric sensors, including fingerprint readers and other health sensors..
• Internet access.
• Access to communications interfaces (including their hardware identifiers and signal strength where applicable, and requests to enable them), such as Bluetooth, Wi-Fi, NFC, and others.
• Making and receiving phone calls.
• Sending and reading text messages
• The ability to perform in-app purchases.
• The ability to "overlay" themselves within other apps.
• Installing, deleting and otherwise managing applications.
• Authentication tokens (e.g., OAuth tokens) from web services stored in system storage for sharing between apps.

Prior to Android 6.0 "Marshmallow", permissions were automatically granted to apps at runtime, and they were presented upon installation in Google Play Store. Since Marshmallow, certain permissions now require the app to request permission at runtime by the user. These permissions may also be revoked at any time via Android's settings menu.^[3] Usage of permissions on Android are sometimes abused by app developers to gather personal information and deliver advertising; in particular, apps for using a phone's camera flash as a flashlight (which have grown largely redundant due to the integration of such functionality at the system level on later versions of Android) have been known to require a large array of unnecessary permissions beyond what is actually needed for the stated functionality.^[4]

iOS imposes a similar requirement for permissions to be granted at runtime, with particular controls offered for enabling of Bluetooth, Wi-Fi, and location tracking.^[5][6]

WebPermissions

WebPermissions is a permission system for web browsers.^[7] When a web application needs some data behind permission, it must request it first. When it does it, a user sees a window asking him to make a choice. The choice is remembered, but can be cleared lately.

Currently the following resources are controlled:

• geolocation^[8]
• desktop notifications^[9]
• service workers^[10][11]
• sensors
  • audio capturing devices,^[12] like sound cards, and their model names and characteristics
  • video capturing devices,^[12] like cameras, and their identifiers and characteristics

Analysis

The permission-based access control model assigns access privileges for certain data objects to application. This is a derivative of the discretionary access control model. The access permissions are usually granted in the context of a specific user on a specific device. Permissions are granted permanently with few automatic restrictions.

In some cases permissions are implemented in 'all-or-nothing' approach: a user either has to grant all the required permissions to access the application or the user can not access the application. There is still a lack of transparency when the permission is used by a program or application to access the data protected by the permission access control mechanism. Even if a user can revoke a permission, the app can blackmail a user by refusing to operate, for example by just crashing or asking user to grant the permission again in order to access the application.

The permission mechanism has been widely criticized by researchers for several reasons, including;

• Intransparency of personal data extraction and surveillance, including the creation of a false sense of security;^[13][14]
• End-user fatigue of micro-managing access permissions leading to a fatalistic acceptance of surveillance and intransparency;^[15]
• Massive data extraction and personal surveillance carried out once the permissions are granted.^[16][17]

Some apps, such as XPrivacy and Mockdroid^[18] spoof data in order to act as a measure for privacy. Further transparency methods include longitudinal behavioural profiling and multiple-source privacy analysis of app data access.^[19][20]

References

1. "Manifest.permission - Android Developers". developer.android.com.
2. "iOS Security Guide" (PDF).
3. Cimpanu, Catalin. "Permission-greedy apps delayed Android 6 upgrade so they could harvest more user data". ZDNet. Retrieved 2020-01-10.
4. Cimpanu, Catalin. "Most Android flashlight apps request an absurd number of permissions". ZDNet. Retrieved 2020-01-10.
5. Cipriani, Jason. "Keep your location secret with iOS 13's new privacy features". CNET. Retrieved 2019-08-08.
6. Welch, Chris (2019-09-19). "Here's why so many apps are asking to use Bluetooth on iOS 13". The Verge. Retrieved 2019-09-26.
7. "Permissions". w3c.github.io. Retrieved 2019-05-10.
8. "Geolocation API Specification 2nd Edition". www.w3.org.
9. "Notifications API Standard". notifications.spec.whatwg.org.
10. "Push API". www.w3.org.
11. "Web Background Synchronization". wicg.github.io.
12. "Media Capture and Streams". w3c.github.io.
13. Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad: Deceived by Design - How tech companies use dark patterns to discourage us from exercising our rights to privacy., 2018, Consumer council of Norway / Forbrukerrådet. Report. https://www.forbrukerradet.no/undersokelse/no-undersokelsekategori/deceived-by-design Archived 2020-10-11 at the Wayback Machine
14. Fritsch, Lothar; Momen, Nurul (2017). "Derived Partial Identities Generated from App Permissions". Gesellschaft für Informatik: 117–130. {{cite journal}}: Cite journal requires |journal= (help)
15. Kelley, Patrick Gage; Consolvo, Sunny; Cranor, Lorrie Faith; Jung, Jaeyeon; Sadeh, Norman; Wetherall, David (2012). "A Conundrum of Permissions: Installing Applications on an Android Smartphone". In Blyth, Jim; Dietrich, Sven; Camp, L. Jean (eds.). Financial Cryptography and Data Security. Lecture Notes in Computer Science. Vol. 7398. Springer Berlin Heidelberg. pp. 68–79. CiteSeerX 10.1.1.232.4261. doi:10.1007/978-3-642-34638-5_6. ISBN 978-3-642-34638-5. S2CID 17861847.
16. Momen, N.; Hatamian, M.; Fritsch, L. (November 2019). "Did App Privacy Improve After the GDPR?". IEEE Security Privacy. 17 (6): 10–20. doi:10.1109/MSEC.2019.2938445. ISSN 1558-4046. S2CID 203699369.
17. Momen, Nurul (2020). "Measuring Apps' Privacy-Friendliness : Introducing transparency to apps' data access behavior". {{cite journal}}: Cite journal requires |journal= (help)
18. Beresford, Alastair R.; Rice, Andrew; Skehin, Nicholas; Sohan, Ripduman (2011). "MockDroid". Proceedings of the 12th Workshop on Mobile Computing Systems and Applications. New York, New York, USA: ACM Press. pp. 49–54. doi:10.1145/2184489.2184500. ISBN 978-1-4503-0649-2. S2CID 2166732.
19. Momen, Nurul (2018). "Towards Measuring Apps' Privacy-Friendliness". Diva.
20. Hatamian, Majid; Momen, Nurul; Fritsch, Lothar; Rannenberg, Kai (2019). "A Multilateral Privacy Impact Analysis Method for Android Apps". In Naldi, Maurizio; Italiano, Giuseppe F.; Rannenberg, Kai; Medina, Manel; Bourka, Athena (eds.). Privacy Technologies and Policy. Lecture Notes in Computer Science. Vol. 11498. Springer International Publishing. pp. 87–106. doi:10.1007/978-3-030-21752-5_7. ISBN 978-3-030-21752-5. S2CID 184483219.