Abstract:With the expansion of the market share occupied by the Android platform, security issues (especially application security) have become attention focus of researchers. In fact, the existing methods lack the capabilities to manage application permissions without root privilege. This study proposes a dynamic management mechanism of Android application permissions based on security policies. The paper first describes the permissions by security policies, then implementes permission checking code and request evaluation algorithm in Android framework layer. Experimental results indicate that the presented approach succeeds in permission management of Android applications, and its system overhead is low, which makes it an effective method for Android permission management.

What problem does this paper attempt to address?

The main problem that this paper attempts to solve is the security problem of the Android platform, which specifically includes the following aspects: 1. **Underlying security issues**: Some root tools have already achieved root privilege escalation on the latest version of Android, which provides an opportunity for malware to abuse privileges. In particular, illegal root operations are likely to damage the existing security system of the system, causing the system to face greater security risks. 2. **Upper - layer application security issues**: Currently, there is a lack of an effective method to manage the permissions of Android applications, resulting in permission chaos and lack of management in applications. Due to the negligence of developers or malicious intentions, some applications will apply for many permissions that are not related to themselves, threatening the security of the system and user data. In order to solve the above problems, the paper proposes a multi - level Android system permission control method, specifically including: - **Underlying Linux user permission model**: A Linux user permission model for MLS (Multi - Level Security) is proposed, and a conversion algorithm from the Linux user permission relationship tree to the MLS security level definition is given. By constructing the Linux user permission relationship tree, the permission inclusion relationship between different users is ensured, and the MLS mechanism is used for security enhancement. - **Upper - layer application dynamic permission management mechanism**: An Android application permission dynamic management mechanism based on security policies is designed. A permission checkpoint is set at the Android framework layer, and a request evaluation algorithm is called for authorization evaluation, thereby achieving effective monitoring of application behavior and permission management. The experimental results show that this method can effectively manage the normal invocation of Android application permissions, restrict illegal invocations, and has a small system overhead and will not significantly affect the user experience.

Android Multi-Level System Permission Management Approach

Towards a multilayered permission-based access control for extending Android security.

Enhancement of Permission Management for an ARM-Android Platform.

What Permissions Should This Android App Request?

Component-based Permission Management of Android Applications

SPA: Inviting Your Friends to Help Set Android Apps.

Permission based Android security: Issues and countermeasures

An Adaptive Android Security Extension Against Privilege Escalation Attacks

Systematic Detection of Capability Leaks in Stock Android Smartphones.

Detecting capability leaks in Android-based smartphones

Perman: Fine-Grained Permission Management for Android Applications

Android Custom Permissions Demystified: A Comprehensive Security Evaluation

ON RELATIONSHIP OF FUNCTIONS AND PERMISSIONS IN ANDROID APPLICATIONS

An Adaptive and Configurable Protection Framework Against Android Privilege Escalation Threats

Taming Information-Stealing Smartphone Applications (On Android)

Reevaluating Android Permission Gaps With Static And Dynamic Analysis

Automatic Permission Optimization Framework for Privacy Enhancement of Mobile Applications

Dr. Android and Mr. Hide: Fine-grained Security Policies on Unmodified Android

Android application fine-grained access control based on self-defined security policy

Broken Relationship of Mobile User Intentions and Permission Control of Shared System Resources

Android Apps： Static Analysis Based on Permission Classification