Table of Contents
Fetching ...

Evolution of Android's Permission-based Security Model and Challenges

Rajendra Kumar Solanki, Vijay Laxmi, Manoj Singh Gaur

TL;DR

The paper addresses how Android's permission-based security model has evolved and what challenges persist for developers and users. It conducts a comprehensive literature review (2010–2022) to map Android API calls to permissions, trace permission evolution, and analyze how permission checks are implemented. It identifies research gaps—such as the need for up-to-date permission mappings for recent Android versions, accessible evaluation datasets, and clearer separation of third-party library permissions—and proposes concrete directions for future work including UI standardization and multi-app analysis. The findings have practical impact for improving malware detection, privacy protection, and policy design in the Android ecosystem.

Abstract

Android Permission Model and Application (app) analysis has consistently remained the focus of the investigation of research groups and stakeholders of the Android ecosystem since it was launched in 2008. Even though the Android smartphone operating system (OS) permission model has evolved significantly from `all-or-none access' to `user-chosen dangerous resource access', specific challenges and issues remain unresolved even after 15 years after the smartphone OS launch. This study addresses the issues and documents the research work in this arena through a comprehensive literature survey and comparative analysis. The survey's focal point is the Android permission model and relevant research between 2010-2022. We systematize the knowledge on (i) Android API Calls to permissions mapping, (ii) Android Permissions evolution, and (iii) how permissions are checked. Furthermore, the survey identifies the permission-related issues and relevant research addressed during the last decade. We reference seminal work in these areas. We summarize the identified research gaps and present future directions for early and experienced researchers.

Evolution of Android's Permission-based Security Model and Challenges

TL;DR

The paper addresses how Android's permission-based security model has evolved and what challenges persist for developers and users. It conducts a comprehensive literature review (2010–2022) to map Android API calls to permissions, trace permission evolution, and analyze how permission checks are implemented. It identifies research gaps—such as the need for up-to-date permission mappings for recent Android versions, accessible evaluation datasets, and clearer separation of third-party library permissions—and proposes concrete directions for future work including UI standardization and multi-app analysis. The findings have practical impact for improving malware detection, privacy protection, and policy design in the Android ecosystem.

Abstract

Android Permission Model and Application (app) analysis has consistently remained the focus of the investigation of research groups and stakeholders of the Android ecosystem since it was launched in 2008. Even though the Android smartphone operating system (OS) permission model has evolved significantly from `all-or-none access' to `user-chosen dangerous resource access', specific challenges and issues remain unresolved even after 15 years after the smartphone OS launch. This study addresses the issues and documents the research work in this arena through a comprehensive literature survey and comparative analysis. The survey's focal point is the Android permission model and relevant research between 2010-2022. We systematize the knowledge on (i) Android API Calls to permissions mapping, (ii) Android Permissions evolution, and (iii) how permissions are checked. Furthermore, the survey identifies the permission-related issues and relevant research addressed during the last decade. We reference seminal work in these areas. We summarize the identified research gaps and present future directions for early and experienced researchers.
Paper Structure (52 sections, 8 figures, 6 tables)

This paper contains 52 sections, 8 figures, 6 tables.

Figures (8)

  • Figure 1: Android Architecture
  • Figure 2: Android application
  • Figure 3: Number of available apps in Google Play Store during 2009-2022
  • Figure 4: App manifest showing Activity, Service, Broadcast Receiver, and Content Provider
  • Figure 5: Requesting permission dialog box at runtime
  • ...and 3 more figures