Who decides what is allowed? User Interactions and Permissions Use on Android
Android apps can potentially access a wide variety of sensitive resources such as location, camera, microphone, contacts, and more. To protect access to such sensitive resources, Android includes a permission system in which users can grant and deny access to certain sensitive resources on a per-app basis. In this talk, I will discuss the evolution of Android’s permission system, some limitations as it stands today, and some of the issues with using permissions to enforce security policies. Then I will give an overview of recent work studying user expectations of how user interactions might convey authorization in Android, and developing auditing mechanisms to check those expectations.
Tue 6 Nov
|13:30 - 14:15|
Jeffrey S. FosterTufts University
|14:15 - 15:00|
Chris CasinghinoDraper Laboratory