Quantifying the Effects of Removing Permissions from Android Applications Eric Gustafson, Kristen Kennedy, and Hao Chen With the growing popularity of Android smart phones, it is increasingly important to ensure the security of sensitive user information. A recent study found that approximately 26% of Android applications in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data. While Android is known for giving the user control, it falls short when it comes to enabling and disabling the permissions on applications. Currently, the user is given the option to either give the application every permission it desires or not install it. While researchers have proposed approaches for allowing users to modify the permissions granted to applications, it is unclear how removing permissions would affect the behavior of current applications. At present, developers expect all requested permissions to be granted. In this paper, we take the first step to quantify the impact of enabling users to statically remove permissions on Android applications post-installation. We developed Pyandrazzi, a system for evaluating the effect of removing individual permissions from applications. Using Pyandrazzi, we evaluated how removing seven common permissions affect a set of randomly selected applications that request them. We found that approximately 5.8% of the 700 applications we tested crash after a permission is removed and investigated how the lack of certain permissions are handled more gracefully than others. Our results will help users make more informed decisions when removing permissions and help developers make their applications more robust to permission revocation.