UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control

Author

Mulin DUAN, Singapore Management UniversityFollow
Lingxiao JIANG, Singapore Management UniversityFollow
Lwin Khin SHAR, Singapore Management UniversityFollow
Debin GAO, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

5-2022

Abstract

Proper permission controls in Android systems are important for protecting users' private data when running applications installed on the devices. Currently Android systems require apps to obtain authorization from users at the first time when they try to access users' sensitive data, but every permission is only managed at the application level, allowing apps to (mis)use permissions granted by users at the beginning for different purposes subsequently without informing users. Based on privacy-by-design principles, this paper develops a new permission manager, named UIPDroid, that (1) enforces the users' basic right-to-know through user interfaces whenever an app uses permissions, and (2) provides a more fine-grained UI widget-level permission control that can allow, deny, or produce fake private data dynamically for each permission use in the app at the choice of users, even if the permissions may have been granted to the app at the application level. In addition, to make the tool easier for end users to use, unlike some other root-based solutions, our solution is root-free, developed as a module on top of a virtualization framework that can be installed onto users' device as a usual app. Our preliminary evaluation results show that UIPDroid works well for finegrained, per-widget control of contact and location permissions implemented in the prototype tool, improving users' privacy awareness and their protection. The tool is available at https://github.com/pangdingzhang/Anti-Beholder; A demo video is at: https://youtu.be/dT-mq4oasNU

Keywords

Android, Permission Management, Rootless, VirtualXposed

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Information Systems and Management

Publication

Proceedings of the 44th International Conference on Software Engineering, Pittsburgh, USA, 2022 May 21-29

First Page

227

Last Page

231

ISBN

9781665495981

Identifier

10.1109/ICSE-Companion55297.2022.9793833

Publisher

IEEE

City or Country

Pittsburgh

Citation

DUAN, Mulin; JIANG, Lingxiao; SHAR, Lwin Khin; and GAO, Debin. UIPDroid: Unrooted dynamic monitor of Android app UIs for fine-grained permission control. (2022). Proceedings of the 44th International Conference on Software Engineering, Pittsburgh, USA, 2022 May 21-29. 227-231.
Available at: https://ink.library.smu.edu.sg/sis_research/7311

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://doi.org/10.1109/ICSE-Companion55297.2022.9793833