Application platforms provide applications with access to hardware (e.g., GPS and cameras) and personal data. Modern platforms use permission systems to protect access to these resources. The nature of these permission systems vary widely across platforms. Some platforms obtain user consent as part of installation, while others display runtime consent dialogs. We propose a set of guidelines to aid platform designers in determining the most appropriate permission-granting mechanism for a given permission. We apply our proposal to a smart-phone platform. A preliminary evaluation indicates that our model will reduce the number of warnings presented to users, thereby reducing habituation effects.
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner. How to ask for permission. In Proceedings of the 7th USENIX conference on Hot Topics in Security (HotSec’12). USENIX Association, Berkeley, CA, USA, 7-7. 2012.