Enabling Fine-Grained Permissions in Smartphones
The increasing popularity of smart devices that continuously monitor various aspects of users' lives and the prevalence of third-party services that utilize these data feeds have resulted in a serious threat to users' privacy. A one-sided focus on the utility of these applications (apps) and the lack of proper access control mechanisms often lead to inadvertent (or deliberate) leaks of sensitive information about users. At the core of protecting user data on smart devices lies the permissions framework, which arbitrates apps' access to resources on the device. The existing permissions frameworks in smartphones are largely coarse-grained, allowing apps to collect more information than is required for their functionality and thereby putting users' privacy at risk.
In this dissertation, we address these privacy concerns by proposing an extensible permissions framework that gives users fine-grained control over the resources accessed by apps. It uses permissions plugins, which are special modules that govern an app's access to resources on the device. We develop a number of permissions plugins to arbitrate access to key resources, including location, contacts, camera and external storage. Moreover, we show that existing privacy solutions can be easily integrated into our framework via plugins. We also develop two novel privacy frameworks that help users balance privacy-utility tradeoffs and allow them to make an informed decision about sharing their data with apps in order to obtain services in return. We envision a repository of permissions plugins where privacy experts publish plugins that are customized to the needs of users as well as apps, and users simply install the plugins they are interested in to protect their privacy.
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Rights for Collection: Duke Dissertations