Figment: Fine-grained Permission Management for Mobile Apps

摘要

Today's Android systems do not allow users to manage the permissions granted to applications (apps) in a flexible and dynamic way. Recent studies show that apps often misuse these permissions to access private information, or have trapdoors via which other malicious apps can do the same. In this paper, we develop a framework Figment, which consists of set of libraries that developers can easily use to build in fine-grained dynamic permission management capabilities. The users of their apps can readily invoke these capabilities during execution. The apps would potentially run with reduced functionalities if the user does not wish to allow certain permissions. Figment also allows either the developer or a user to specify context aware permissions, which cause different permissions to be granted to the app in different functional modes (contexts). We believe that Figment reduces the attack surface exposed to potentially malicious apps and offers a significant step in preserving user privacy. While the rudimentary version of Figment uses aspect-oriented programming and does not need rooting of the phone or changes to the Android sub-system, we also provide an optional root-level fail safe implementation that facilitates the embedding of dynamic permission management functions in old applications not built by using Figment libraries. We show that Figment offers significant benefits over the Android Marshmallow permission management system with lower runtime overheads; the main penalty is a one time higher compilation overhead.