一個權(quán)限的難題android智能手機上安裝應(yīng)用程序的權(quán)限外文翻譯（英文）

1、A Conundrum of Permissions:Installing Applicationson an Android SmartphonePatrick Gage Kelley, Sunny Consolvo2, Lorrie Faith Cranor,Jaeyeon Jung1, Norman Sadeh, and David Wetherall2Carnegie Mellon1 Microsoft Research2 Un

2、iversity of Washington{pkelley,lorrie,sadeh}@cs.cmu.edu, sunny@consolvo.org,jjung@microsoft.com, djw@cs.washington.eduAbstract. Each time a user installs an application on their Android phone they are presented with a fu

3、ll screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the secur

4、ity of their device and whether or not they are willing to share their information with the ap- plication, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determi

5、ne whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but

6、not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app mar- ketplaces test and reject applications. In sum, users are not curre

7、ntly well prepared to make informed privacy and security decisions around installing applications.Keywords: privacy, security, android, applications, smartphone, per- missions, information design.1 IntroductionSince the

8、launch of the first Android phone in October 2008 the rise of the platform has been meteoric. Android phones accounted for over half of all smart- phone sales as of Q3 2011 [6]. With each smartphone sold, more users are

9、down- loading applications from the Android Market. As of May 2011, Google reported that over 200,000 applications were available in the Android Market and that those applications had been installed 4.5 billion times in

10、total [2].Applications are not pre-screened, instead users are given the opportunityto decide which software to install on their phone. Android app rating and recommendation site AppBrain reports that there are now 310,0

11、00 applications in the Android market, and that 33 percent of those are rated at “l(fā)ow quality.”11 http://www.appbrain.com/stats/number-of-android-appsJ. Blythe, S. Dietrich, and L.J. Camp (Eds.): FC 2012 Workshops, LNCS

12、7398, pp. 68–79, 2012. c ? The International Financial Cryptography Association 201270 P.G. Kelley et al.Follow up work by Hornyack et al. detailed a method for intercepting these leaked transmissions and replacing them

13、with non-sensitive information [7]. This functionality would allow users post-installation privacy-control. In their investi- gation they detailed the current permission requests of the top 1100 applications in the Andro

14、id Market as of November 2010. However, our work, which tests users’ understandings of the most common of these permissions, finds users have great difficulty understanding the meaning of these terms. Thus, giving users

15、the ability to limit on a case-by-case basis would likely be ineffective without assistance. Work by Vidas et al. has also studied how applications request permissions, finding prevalent “permissions creep,” due to “exis

16、ting developer APIs [which] make it difficult for developers to align their permission requests with application functionality” [15]. Felt et al., in their Android Permissions Demystified work, attempt to further explain

17、 permissions to developers [5]. However, neither of these papers explore end-users understanding of permissions. In our own work we find users attempt to rationalize why applications request specific permissions, trying

18、to understand the developers’ decisions, even if their understanding of these requests is flawed. Others who have looked at Android permissions have attempted to cluster applications that require similar permissions to s

19、implify the current scheme [3] or have attempted a comparison of modern smartphone permission systems [1]. Their work finds that Android permissions provide the most information to users (compared to other modern smartph

20、one OSs such as Symbian, Windows Phone 7, and iOS), however our interviews show that much of the information provided is not understood. Research in privacy policies, financial privacy notices, and access control have al

21、l similarly shown that privacy-related concepts and terms are often not well understood by users expected to make privacy decisions [9,10,14]. Our earlier work specifically investigated how the information display of pri

22、vacy policies could influence understanding, focusing on standardized formats, terms, and definitions. While the Android ecosystem uses a standard format and terms, clear definitions are not readily available to users.3

23、Android Permissions and DisplayAndroid app permissions are displayed to users at the time they decide to install any third-party app through the Android Market on the web or on the phone. Apps downloaded from third-party

24、 app stores (e.g., onlyAndroid, the Amazon Appstore for Android, etc.) do not necessarily show full permissions on their websites, however upon installing the application package (APK) the user is presented with a permis

25、sions screen variant. Permissions are shown within the Android Market as detailed in the following diagram, Figure 1. A user browses applications using the view shown in Screen 1. Here there is a truncated description, i