DIMACS
DIMACS REU 2013

General Information

me
Student: Kevin Sung
Office: CoRE 442
School: Rutgers University
E-mail: acrazydiamond1@gmail.com
Project: Privacy and Permissions on the Android Platform

Project Description

Many applications for Android and other mobile computing platforms have access to user data such as personal information and GPS location. Although Android users explicitly grant apps permissions at install time, many (most?) users don't carefully read the permissions requested by apps. My project is to develop an Android app that helps users visualize what permissions the apps on their device use as a way to improve users' mental models of their privacy.


Weekly Log

Week 1:
Learned the basics of Android development, looked into how to programatically detect permissions, started grouping the types of permissions that Android uses, brainstormed visualization ideas
Week 2:
Completed the part of the app that allows the user to view all installed applications and the permissions they use
Week 3:
Implemented app ranking by assigning a weight to each permission. Higher weights indicate more risk. An app's score is calculated by summing the weights of the permissions it requires: the higher the score, the more sensitive permissions the app requires. Apps can be split into good, okay, and bad groups based on score. The proper weight of each permission needs to be determined empirically.
Week 4:
Implemented a simple color coding scheme to visualize app permissions. The main challenge here is to put as much useful information as possible on a single screen, yet keep the visualization manageable. I am trying to think of a way to incorporate information about specific permissions, but I am limited by the number of useful ways to visually encode information, like color, shape, etc. as well as the size of the screen.
Week 5:
I read some papers this week involving lower-level analysis of Android permissions. I think the next step in my project is to incorporate specific information about how apps use permissions. There actually isn't very much information to visualize when only apps' permissions are considered, and the analysis may be a bit misleading because many apps have legitimate uses of dangerous permissions. To further this goal I may start using TaintDroid, which is described in the second paper of the Relevant Publications section below.
Week 6:
Implemented an options screen where the user can select a set of permissions to narrow down the app visualization screen. This is helpful because permissions in certain combinations can be particularly troublesome; for example, when an app has access to both the phone ID and the internet, it can post the phone's ID to advertising servers and such.

Presentations


Additional Information