You might want to check out: D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji. A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android. ACM CCS. Oct. 2010
http://www.ccsl.carleton.ca/paper-archive/barrera-ccs-10.pdf If memory serves, for the snapshot of apps the authors looked at, it would be difficult to use categories as a strong predictor for permissions. However, it might work for a subset of permissions. -Will On Jun 1, 2011, at 8:02 AM, Whitebrow wrote: > What if you would interpolate app permissions with it's respective > category. A game usually doesn't need to access gps, it doesn't need > access to your phonebook and sms archive. > > When there is a huge discrepancy between the app's permissions and the > category it belongs to, the market app might give an extra warning > about this or block the app from installing. > > An example warning: 'Warning: This app belonging to category 'games' > wants to access your phonebook and less than 1% of apps in category > 'games' is known to do this. Fat chance you're being s#*%$d!' > > Isn't this a viable way to give more functional meaning to the > 'granting permission' part of installing apps. > Nobody really considers the potential implications when they're > installing apps anyway unless you're a devvy. > So this statistical interpolation does this for them. > > Any thoughts? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- William Enck PhD Researcher Department of Computer Science and Engineering The Pennsylvania State University [email protected] -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
