User-centric Android Flexible Permissions

Author(s): Gian Luca Scoccia, Ivano Malavolta, Marco Autili, Amleto Di Salle, Paola Inverardi
Venue: Proceedings of the 39th International Conference on Software Engineering Companion, Pages 365-367
Date: 5/20/2017

Class/Experience Level: Professional
Data Collection Method: Project Artifact(s)


This paper presents a problem with the current permissions model of the Android operating system. The problem statement claims that the current model is too rigid, forcing users either to not install the given application or to relinquish all permissions to the application in order to experience every feature. The analysis of the current Android permissions model pinpoints a number of rigidities, including the granularity level of the permissions, the timing at which permissions are granted, and the fact that the permissions model considers all users equal.

The solution that this paper presents is called Android Flexible Permissions (AFP), which is claimed to be a more user-centric approach to flexible permissions management. This model is said to allow users to specify and customize certain permission levels that are aligned with their personal privacy concerns. From a developer standpoint, the paper points out that the goal is to provide a means of developing applications that dynamically adapt to the user-defined permissions with little to no additional effort. The paper goes into more detail about the AFP approach and outlines three components: the app itself, an AFP library (used to enforce permissions at runtime), and an AFP server (a web app that allows developers to help an existing application comply with AFP).