|dc.description.abstract||Google’s Android platform includes a permission model that protects
access to sensitive capabilities, such as Internet access, GPS use, and
telephony. We have found that Android’s current permissions are often
overly broad, providing apps with more access than they truly require.
This deviation from least privilege increases the threat from
vulnerabilities and malware. To address this issue, we present a novel
system that can replace existing platform permissions with finer-grained
ones. A key property of our approach is that it runs today, on stock
Android devices, requiring no platform modifications. Our solution is
composed of two parts: Mr. Hide, which runs in a separate process on a
device and provides access to sensitive data as a service; and Dr.
Android (Dalvik Rewriter for Android), a tool that transforms existing
Android apps to access sensitive resources via Mr. Hide rather than
directly through the system. Together, Dr. Android and Mr. Hide can
completely remove several of an app’s existing permissions and replace
them with finer-grained ones, leveraging the platform to provide
complete mediation for protected resources. We evaluated our ideas on
several popular, free Android apps. We found that we can replace many
commonly used "dangerous" permissions with finer-grained permissions.
Moreover, apps transformed to use these finer-grained permissions run
largely as expected, with reasonable performance overhead.||en_US