Intent-Aware Permission Architecture: A Model for Rethinking Informed Consent for Android Apps

TL;DR

This paper introduces an intent-aware permission architecture for Android that enhances user informed consent by clearly disclosing data request purposes and scope, aiming to improve privacy transparency and trust.

Contribution

It proposes a novel extension to Android's permission model using an ontology-based approach for explicit purpose disclosure.

Findings

Design of a standardized intent declaration mechanism

Improved transparency in data request purposes

Potential for increased user trust and informed decision-making

Abstract

As data privacy continues to be a crucial human-right concern as recognized by the UN, regulatory agencies have demanded developers obtain user permission before accessing user-sensitive data. Mainly through the use of privacy policies statements, developers fulfill their legal requirements to keep users abreast of the requests for their data. In addition, platforms such as Android enforces explicit permission request using the permission model. Nonetheless, recent research has shown that service providers hardly make full disclosure when requesting data in these statements. Neither is the current permission model designed to provide adequate informed consent. Often users have no clear understanding of the reason and scope of usage of the data request. This paper proposes an unambiguous, informed consent process that provides developers with a standardized method for declaring Intent. Our proposed Intent-aware permission architecture extends the current Android permission model with a precise mechanism for full disclosure of purpose and scope limitation. The design of which is based on an ontology study of data requests purposes. The overarching objective of this model is to ensure end-users are adequately informed before making decisions on their data. Additionally, this model has the potential to improve trust between end-users and developers.