Evolution of Android's Permission-based Security Model and Challenges
Rajendra Kumar Solanki, Vijay Laxmi, Manoj Singh Gaur
TL;DR
The paper addresses how Android's permission-based security model has evolved and what challenges persist for developers and users. It conducts a comprehensive literature review (2010–2022) to map Android API calls to permissions, trace permission evolution, and analyze how permission checks are implemented. It identifies research gaps—such as the need for up-to-date permission mappings for recent Android versions, accessible evaluation datasets, and clearer separation of third-party library permissions—and proposes concrete directions for future work including UI standardization and multi-app analysis. The findings have practical impact for improving malware detection, privacy protection, and policy design in the Android ecosystem.
Abstract
Android Permission Model and Application (app) analysis has consistently remained the focus of the investigation of research groups and stakeholders of the Android ecosystem since it was launched in 2008. Even though the Android smartphone operating system (OS) permission model has evolved significantly from `all-or-none access' to `user-chosen dangerous resource access', specific challenges and issues remain unresolved even after 15 years after the smartphone OS launch. This study addresses the issues and documents the research work in this arena through a comprehensive literature survey and comparative analysis. The survey's focal point is the Android permission model and relevant research between 2010-2022. We systematize the knowledge on (i) Android API Calls to permissions mapping, (ii) Android Permissions evolution, and (iii) how permissions are checked. Furthermore, the survey identifies the permission-related issues and relevant research addressed during the last decade. We reference seminal work in these areas. We summarize the identified research gaps and present future directions for early and experienced researchers.
