Hobson’s Choice: Security and Privacy Permissions in Android and iOS Devices

  • John Haggerty
  • Thomas Hughes-Roberts
  • Robert Hegarty
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


The use of smartphones and tablet devices has grown rapidly over recent years, and the widespread availability of software, often from unknown developers, has led to security and privacy concerns. In order to prevent security compromises, these devices use access control as a means by which a user is able to specify an application’s ability to interact with services and data. However, the use of access control as a security countermeasure in this environment is severely limited. For example, once permissions are granted to software, it may share data, such as location or unique identifiers, with third persons without informing the user, whether or not the application is itself running. This paper presents the results of a comparative study conducted with computing students at two UK universities that identifies the issues surrounding software access control permissions in Android and iOS operating systems. Through this study, we are able to quantify the impact of security access permissions on mobile device security and privacy, even amongst specialist users.


Mobile device security, Access control, Android, iOS



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • John Haggerty (1)
  • Thomas Hughes-Roberts (1)
  • Robert Hegarty (2)
  1. School of Science and Technology, Nottingham Trent University, Nottingham, UK
  2. School of Computing, Mathematics and Digital Technology, Manchester Metropolitan University, Manchester, UK
