Friday, November 30, 2012

Analysis of Most Unexpected Permissions for Android Apps

Our team has been analyzing Android apps for unusual behaviors, using crowdsourcing techniques to find differences between what people expect an app to do and what an app does in reality.

Here are the top 10 most unexpected permissions, based on our crowdsourcing approach to analyzing the behavior of Android apps. Each circle represents the level of surprise people had for each permission (N=20). For example, a vast majority of people (95%) were surprised that Brightest Flashlight used location data, but no one (0%) was surprised that Google Maps did so. Here, we can use the level of surprise as one measure of privacy. If people aren't surprised, then from our perspective it's less of a privacy issue, since people have some level of informed consent. On the other hand, if lots of people are surprised, then we have a potential privacy issue at hand.


Here is the top 10 list in text form, with links to more analysis where available.

  1. Brightest Flashlight
  2. Toss It
  3. Angry Birds
  4. Talking Tom Free
  5. Backgrounds HD Wallpapers
  6. Dictionary.com
  7. Mouse Trap
  8. Horoscope
  9. Shazam
  10. Pandora


Note that some of these uses, while rated unusual, were actually perceived as legitimate once it was explained how the data was used. For example, the Dictionary.com app uses location for finding words that others near you are searching for, rather than for ads or other purposes. In our work, we also found that people were generally OK with this usage once it was made clear to them.

In the short term, the main thrust of our research is to help people understand these kinds of unusual behaviors of apps, as well as to increase transparency. It's worth pointing out too that a lot of this information seems to be used for advertising rather than malicious purposes (though it obviously depends on your definition of malicious). In the long term, we need better policies and best practices around this kind of data collection, as well as better ways of helping developers create sustainable business models that also respect privacy.

Note that this list is based on the top 100 most popular Android apps around December 2011, so some things may have changed since then.


-------------------


Below is an analysis of the Top 10 Most Downloaded Android apps, showing the level of surprise for each. For example, for Angry Birds, we found that 80% of people (N=20) were surprised that it used location at all, whereas for Google Maps, 0% of people were surprised.

Here is the same list in text format, with links to more analysis for apps that we have probed in more depth.

  1. Facebook
  2. Google Maps
  3. Angry Birds
  4. Pandora
  5. KakaoTalk Messenger
  6. Bubble Blast
  7. Paradise Island
  8. Handcent SMS
  9. Adobe Flash Player
  10. Tap Fish

You can also read more about our research here (PDF). This work was done by Jialiu Lin, Shah Amini, myself (Jason Hong), and Norman Sadeh. This work is also funded in part by the National Science Foundation, Google, and the Army Research Office.
