TY - GEN
T1 - A large-scale empirical study on android runtime-permission rationale messages
AU - Liu, Xueqing
AU - Leng, Yue
AU - Yang, Wei
AU - Wang, Wenyu
AU - Zhai, Chengxiang
AU - Xie, Tao
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/10/23
Y1 - 2018/10/23
N2 - After Android 6.0 introduces the runtime-permission system, many apps provide runtime-permission-group rationales for the users to better understand the permissions requested by the apps. To understand the patterns of rationales and to what extent the rationales can improve the users' understanding of the purposes of requesting permission groups, we conduct a large-scale measurement study on five aspects of runtime rationales. We have five main findings: (1) less than 25% apps under study provide rationales; (2) for permission-group purposes that are difficult to understand, the proportions of apps that provide rationales are even lower; (3) the purposes stated in a significant proportion of rationales are incorrect; (4) a large proportion of customized rationales do not provide more information than the default permission-requesting message of Android; (5) apps that provide rationales are more likely to explain the same permission group's purposes in their descriptions than apps that do not provide rationales.
AB - After Android 6.0 introduces the runtime-permission system, many apps provide runtime-permission-group rationales for the users to better understand the permissions requested by the apps. To understand the patterns of rationales and to what extent the rationales can improve the users' understanding of the purposes of requesting permission groups, we conduct a large-scale measurement study on five aspects of runtime rationales. We have five main findings: (1) less than 25% apps under study provide rationales; (2) for permission-group purposes that are difficult to understand, the proportions of apps that provide rationales are even lower; (3) the purposes stated in a significant proportion of rationales are incorrect; (4) a large proportion of customized rationales do not provide more information than the default permission-requesting message of Android; (5) apps that provide rationales are more likely to explain the same permission group's purposes in their descriptions than apps that do not provide rationales.
KW - Android Security
KW - Natural Language Processing
KW - Rationale
KW - Runtime Permission
UR - http://www.scopus.com/inward/record.url?scp=85056890822&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056890822&partnerID=8YFLogxK
U2 - 10.1109/VLHCC.2018.8506574
DO - 10.1109/VLHCC.2018.8506574
M3 - Conference contribution
AN - SCOPUS:85056890822
T3 - Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, VL/HCC
SP - 137
EP - 146
BT - Proceedings - 2018 IEEE Symposium on Visual Languages and Human-Centric Computing, VL/HCC 2018
A2 - Kelleher, Caitlin
A2 - Engels, Gregor
A2 - Fernandes, Joao Paulo
A2 - Cunha, Jacome
A2 - Mendes, Jorge
T2 - 2018 IEEE Symposium on Visual Languages and Human-Centric Computing, VL/HCC 2018
Y2 - 1 October 2018 through 4 October 2018
ER -