Permissionwatcher: Creating user awareness of application permissions in mobile systems

Abstract

Permission systems control access of mobile applications to other applications, data, and resources on a smartphone. Both from a technical and a social point of view, they are based on the assumption that users actually understand these permissions and hence they can make an informed decision about which permission to grant to which piece of software. Results of a survey conducted for this article seriously challenges this assumption. For instance, over a third of participating Android users were not able to correctly identify the meaning of the permission Full Internet Access. We developed PermissionWatcher, an Android application which provides users with awareness information about other applications and allows to check on the permission set granted to individual applications. In a field study with 1000+ Android users, we collected data that provides evidence that users are willing to follow security principles if security awareness is created and information is presented in a clear and comprehensive way. Therefore, we argue that it is essential for security policies to take the abilities of the target audience into account.