Android permissions are difficult to understand. Michael Kassner interviews a research team using the "wisdom of the crowd" to clarify what a permission actually does.
The doorbell rang. It's my neighbor. "Hey, what's up?" I asked nervously. It's only been a week since my article about the bomb threats at his granddaughter's college.
"Why would a flashlight need GPS?"
"In case it got lost?" He did not appreciate my humor.
"I want to load this flashlight app on my phone," my neighbor explained. "But, why in *&@#$ does it need to know where I am?"
"I don't know," was the best I had. I asked to see the phone; this is what was on the screen.
I was at a loss as to why a flashlight app needs to access GPS-location data. That, plus having to say, "I don't know" is not pleasant for me. I silently vowed to find out.
First thing I noticed was the incredible number of downloads -- 10 million. I wondered how many of the 10 million people were curious as to why the app asked for GPS info.
I texted William Francis, my go-to-guy for anything Android, asking if he knew why a flashlight app would ask permission to use GPS information. His reply, "There aren't any good reasons."
I was afraid of that -- time to get serious.
I couldn't find either a good or bad reason -- probably why I got side-tracked by this paper, "Towards Scalable Evaluation of Mobile Applications through Crowd-sourcing and Automation". Damn intimidating title. Fortunately, I was familiar with two of the authors, Dr. Jason Hong and Dr. Janne Lindqvist.
I was pleasantly surprised once I started reading the paper. My neighbor is not alone. There are enough people confused about Android permissions to warrant the attention of an entire research team:
"As mobile apps have access to both mobile device sensors and also users' personal data, it is critical for users to know how mobile apps are using sensitive information and resources on their devices."
I was disappointed to learn the team's solution, App Scanner, isn't finished. While I want to take a look at the cloud-based service, first some questions for the professors.Kassner: Dr. Lindqvist, what can users do to better understand what each permission request is asking for? Lindqvist: Today, you can't do much. Most applications are not telling what they are using the information for. I might suggest trying to determine whether the application really needs each of the permissions. Also, check if there are equivalent applications that do not require the permission you are concerned about.
One rule of thumb here is everything costs. If you are not paying for an app, it will likely fund itself through advertising. Then your personally-identifying information could be revealed to third parties as well as the app developer.Kassner: Dr. Hong, this Technology Review article quoted you as saying:
"The basic idea here is: How do you help people who are not experts in network and computer security understand what an app is doing?"
How would you help?Hong: The Android Market (Play Store) has over 400,000 apps. The Apple App Store has over 550,000 apps. The problem, however, is how do we know what an app will do when it is loaded on a mobile phone? Also, how can we communicate what an app does to users?
For this project, we propose two major activities. The first is to build a system that can semi-automate the analysis of what an Android app is doing with respect to one's privacy. For example:
- How often does this app share one's location?
- What networks is it connecting to?
- Does it upload part of one's contact list to a server?
The second major activity is to design a user interface that makes it easy for people to understand what the app will do. Currently, apps display a manifest that describes at a very coarse level what an app will do (for example, checks location, uses network, etc). We want to design and evaluate several different interfaces to communicate to people what an app does, based on our semi-automated analysis.
The slide below encapsulates the activities Dr. Hong referred to and -- you guessed it -- App Scanner. Squiddy is the semi-automated subsystem of App Scanner Dr. Hong also referred to above. William and I are working with Professor Landon Cox, co-developer of TaintDroid, a key ingredient in Squiddy. We are hoping to have that piece of the puzzle figured out in a few weeks.
The part of App Scanner I would like to discuss consists of:
- CrowdScanner: Responsible for capturing people's perceptions of how an application is behaving.
- Privacy Evaluator: Quantiﬁes the personal information an app can infer, using the results from Squiddy's evaluation. The Privacy Evaluator will present its results through scenarios that are more understandable to users.
- Privacy Summarizer: Provides end-users privacy summaries generated using output from both CrowdScanner and Privacy Evaluator.
The following slide is an example of a privacy summary. It just so happens to be about the flashlight app my neighbor asked about.
Notice the user percentages? They are the result of a rather unique aspect of App Scanner -- crowd-sourcing.
One problem facing the researchers is the sheer number of apps. If that's not enough, the researchers also realize some human interaction is required to create the summaries. After some head-scratching, the researchers came up with a solution for both challenges:
"Given the scale of participants available on crowd-sourcing platforms such as Amazon Mechanical Turk and the use of automated techniques, we propose that App Scanner is a scalable approach for analyzing mobile applications and providing large coverage of app markets.
Further, we conjecture that by relying on the wisdom of crowds, AppScanner can produce application behavior evaluations that would be close to expert analysis of the app behavior."
If I'm not mistaken, relying on the "wisdom of crowds" is a big shift in academia. At the same time, it's likely the only way to evaluate the million plus apps out there.
I applaud the research team for trying to reduce the complexity surrounding Android permissions. Their wanting to focus attention on unexpected use of smartphone resources will keep everyone honest. Hopefully they will have App Scanner up and working soon.
I'd also like to thank Dr. Lindqvist and Dr. Hong for helping with this article.