PeMo: Modifying application's permissions and preventing information stealing on smartphones

摘要

Android OS protects user data and system resources with the help of permission based model which requires the android application developers to declare the resources to be used by their application well in advance. The system resources and the user's data would not be accessible to the developer unless the user grants the acceptance to the permissions being asked by the developer. In order to install the application on the mobile, the user has to allow access to all the requested permissions. There is no method of granting some permission to the application and denying rest of the others. Such a case leads to accepting the permissions like reading messages or accessing contacts etc. and puts the user's data on stake. In this paper we present a permission enforcement framework for android called PeMo, which will allow the user to selectively grant permissions to application according to the need of the application, as there are many applications on the Play Store those are asking for some permissions which are not required for their working. We will also show how these constraints can be set by the user through an easy to use interface. Our permission enforcement framework is implemented and tested on Android OS and is compatible with the current security mechanism. The permission enforcement framework would help user to protect their private data from being misuse.