Institute of Electrical & Electronic Engineers
Security policies, which specify what applications are allowed to do, are notoriously difficult to specify correctly. Many applications were found to request over-liberal permissions. On mobile platforms, this might prevent a cautious user from installing an otherwise harmless application or, even worse, increase the attack surface in vulnerable applications. As a result of such difficulties, programmers frequently ask about permissions in on-line fora. The authors' goal is to gain some insight into both the misuse of permissions and the discussions of permissions in on-line fora.