Asking for (and about) Permissions Used by Android Apps

Ryan Stevens, Jonathan Ganz, Vladimir Filkov, Premkumar Devanbu, and Hao Chen

Security policies, which specify what applications
are allowed to do, are notoriously difficult to specify correctly.
Many applications were found to request over-liberal permissions.
On mobile platforms, this might prevent a cautious user
from installing an otherwise harmless application or, even worse,
increase the attack surface in vulnerable applications. As a result
of such difficulties, programmers frequently ask about them in
on-line fora. Our goal is to gain some insight into both the misuse
of permissions and the discussions of permissions in on-line
fora. We analyze about 10,000 free apps from popular Android
markets and found a significant sub-linear relationship between
the popularity of a permission and the number of times when it
is misused. We also study the relationship of permission use and
the number of questions about the permission on StackOverflow.
Finally, we study the effect of the influence of a permission (the
functionality that it controls) and the interference of a permission
(the number of other permissions that influence the same classes)
on the occurrence of both permission misuse and permission
discussions in StackOverflow.