Evolution of Android's Permission-based Security Model and Challenges

TL;DR

This paper provides a comprehensive survey of the evolution, challenges, and research efforts related to Android's permission-based security model from 2010 to 2022, highlighting ongoing issues and future directions.

Contribution

It systematically analyzes the Android permission model's evolution, issues, and research gaps over the last decade through literature review and comparative analysis.

Findings

Identified key challenges in Android permission system

Mapped Android API calls to permissions

Summarized research gaps and future directions

Abstract

Android Permission Model and Application (app) analysis has consistently remained the focus of the investigation of research groups and stakeholders of the Android ecosystem since it was launched in 2008. Even though the Android smartphone operating system (OS) permission model has evolved significantly from `all-or-none access' to `user-chosen dangerous resource access', specific challenges and issues remain unresolved even after 15 years after the smartphone OS launch. This study addresses the issues and documents the research work in this arena through a comprehensive literature survey and comparative analysis. The survey's focal point is the Android permission model and relevant research between 2010-2022. We systematize the knowledge on (i) Android API Calls to permissions mapping, (ii) Android Permissions evolution, and (iii) how permissions are checked. Furthermore, the survey identifies the permission-related issues and relevant research addressed during the last decade. We reference seminal work in these areas. We summarize the identified research gaps and present future directions for early and experienced researchers.