DPC: A Dynamic Permission Control Mechanism for Android Third-Party Libraries

Fu Hau Hsu, Nien Chi Liu, Yan Ling Hwang, Che Hao Liu, Chuan Sheng Wang, Chang Yi Chen

Research output: Contribution to journal, Article, peer-review

1 Scopus citations

Abstract

Today's smartphone app stores are full of apps with diverse features. Many developers use third-party libraries to reduce the development time and cost, but developers often ignore the security problems of third-party libraries. A major security problem introduced by third-party libraries is that a third-party library has the same permissions as the apps, called host apps hereafter, that use it. According to previous research, having the same permissions as its host apps, a third-party library could have unauthorized access to user data, which poses a serious threat to app users. Therefore, how to prevent third-party libraries from abusing permissions has become an important issue. To solve this problem, this paper proposes a Dynamic Permission Control mechanism, called Dynamic Permission Controller or DPC hereafter, for app developers to prohibit third-party libraries from abusing host apps' dangerous permissions. DPC modifies the permission control mechanism of the Android framework to give apps a more flexible permission management mechanism when they are running. DPC provides new APIs which allow an app to dynamically disable a granted dangerous permission before invoking an API of a third-party library and restore the dangerous permission after completing the API. Hence, DPC protects users' privacy by blocking unauthorized access from third-party libraries. Meanwhile, without the requirement that an app developer needs to know the details of third-party libraries, the app can still use APIs of third-party libraries safely. Experimental results show that DPC works well with many popular apps downloaded from Google Play and that DPC prohibits a third-party library from having the same dangerous permissions that its host apps have. Hence, unlike previous solutions, DPC does not have compatibility problems. The overheads introduced by DPC on an emulator and a Nexus 7 are 1.8 and 0.3 percent, respectively.

Original language: English
Article number: 8815864
Pages (from-to): 1751-1761
Number of pages: 11
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 18
Issue number: 4
State: Published - 1 Jul 2021

Keywords

  • Third-party library
  • in-app advertisement
  • privacy
  • security
