Context Aware Dynamic Permission Model: A Retrospect of Privacy and Security in Android System

Sumit Kumar
Department of Computer Science & Engineering, Lovely Professional University, Phagwara, India
mail.sumitkumar30@gmail.com

Ravi Shanker
Department of Computer Science & Engineering, Lovely Professional University, Phagwara, India
ravishanker20@gmail.com

Dr. Sahil Verma
Department of Computer Science & Engineering, Lovely Professional University, Phagwara, India
sahil.21915@lpu.co.in

Abstract—Android security has been a topic of concern lately in both academic and industrial research because of various occurrences of privacy leaks and security breaches on these devices. The security model of the Android operating system is based on a permission-based mechanism which limits the access of any third-party application to critical resources of the mobile device. This mechanism has been broadly criticized for its coarse-grained control over system resources and inappropriate authorization of permissions by application developers, advertisers and end users. This paper inspects the emerging issues in permission-based security mechanisms and proposes the concept of a context aware dynamic permissions model (CAPM) for Android systems. The proposed model deals with the dynamic enforcement of permissions for a particular application according to the defined context without the user's intervention. Our model assigns profiles to different applications based on their functional groups, and these profiles contain a set of permissions with some associated context. The context can be based upon system or sensor sources. This way, if the data is private or confidential, the permission set ought to be stricter than usual. Our concept is unique as it associates context with permissions, as opposed to the existing model of assigning permissions according to an application's functionality.
This concept can prove helpful in protecting the user's private data from being leaked simply by modifying the existing resource access mechanism.

Keywords—android security; privacy leaks; permissions mechanism; access control; context aware permission based security

I. INTRODUCTION

During the most recent decade, there has been a noteworthy change in the mobile ecosystem, as more and more legacy systems have been replaced by smart computing devices. This is because advances in technology expanded the computational capacity of mobile phones while their cost dropped at the same time. The ubiquitous nature of mobile devices has made them available in both personal and professional surroundings. With the continuous availability of the internet, users are always online, and this carries huge security challenges, since most smartphone users have a personal profile permanently attached to their devices.

The Android operating system is the largest part of the mobile ecosystem, with approximately 85% [1] of mobile devices running it. As a result of this predominance of Android-based devices, around 98% of the attack vectors were focused on this open source system. Android smartphones are secured by a permission-based mechanism [2] which limits the access of third-party applications to sensitive resources of the mobile device, for example, the internal file system, microphone, Bluetooth, messages/contacts database etc. One major issue with the present permissions framework [3] is that once an application gets access to a particular type of resource, the application always has the privilege to access the resources having the same group ID. Such a permission-based model is criticized as coarse-grained [4]. Several applications tend to request far more permissions than would ordinarily be suitable.
They don't support the dynamic swapping of permissions based on some defined context. Such a static way of dealing with permissions isn't appropriate for mobile devices. The associated security risk depends very much upon the present state: while accessing a specific resource is harmless in one context, it might violate the user's privacy in another context. While the current Android API (v23 and above) permits altering of permission settings, it is impractical to change the long list of permission settings manually when the context changes so quickly and frequently.

Moreover, the current permissions model [5] has over 140 permissions. The major issue with such a model is that the user needs to manage a huge number of access rules. For instance, if we have m applications and n permissions associated with those applications, then in the worst case the user has to deal with O(m × n) access rules. Furthermore, if context is also considered, then on average users have to associate one or more contexts with every permission. This ends up requiring O(m × n × c) rules, where c is the number of contexts defined for a single permission.

In order to overcome these issues, we propose a context aware [6] dynamic permissions model, which functions by granting permissions to applications depending upon the context in which they are asking for them. In this mechanism, users are not required to manage countless permissions; rather, they simply need to assign different contexts to the given application at installation time. Although the proposed model is for the Android operating system, the main concept is applicable to other platforms as well.

The rest of this paper is organized in the following sections: In the first section we give a short introduction to the Android permissions model.
In the second section, we'll briefly discuss the issues with permission based

2018 International Conference on Intelligent Circuits and Systems
978-1-5386-6483-4/18/$31.00 ©2018 IEEE
DOI 10.1109/ICICS.2018.00073
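
The profile scheme proposed in the introduction can be sketched as a small decision function. This is an added example, not code from the paper: the profile names, package names, context keys and per-permission rules are constructed assumptions, and only the idea of profiles that pair permissions with a context comes from the text.

```python
from dataclasses import dataclass
from typing import Callable, Dict

Context = Dict[str, object]        # assumed keys, e.g. {"location": "office"}
Rule = Callable[[Context], bool]   # context predicate attached to one permission

@dataclass(frozen=True)
class Profile:
    name: str
    rules: Dict[str, Rule]         # permission -> context in which it is granted

# Constructed profiles for two functional groups (hypothetical, not the paper's).
PROFILES = {
    "messaging": Profile("messaging", {
        "READ_CONTACTS": lambda c: True,
        "RECORD_AUDIO": lambda c: c.get("location") != "office",
        "ACCESS_FINE_LOCATION": lambda c: False,
    }),
    "navigation": Profile("navigation", {
        "ACCESS_FINE_LOCATION": lambda c: c.get("screen_on") is True,
    }),
}

# Assumed to be chosen once, at install time: application -> profile.
APP_PROFILE = {"chat.example": "messaging", "maps.example": "navigation"}

def is_allowed(app: str, permission: str, context: Context) -> bool:
    """Decide a resource request at access time; anything unlisted is denied."""
    profile = PROFILES.get(APP_PROFILE.get(app, ""))
    if profile is None:
        return False
    rule = profile.rules.get(permission)
    return bool(rule and rule(context))

def per_app_rule_count(m: int, n: int, c: int) -> int:
    """Worst case from the text: a rule per app, per permission, per context."""
    return m * n * c

def profile_rule_count() -> int:
    """Rules actually written in this sketch: one per profile permission."""
    return sum(len(p.rules) for p in PROFILES.values())

if __name__ == "__main__":
    print(is_allowed("chat.example", "RECORD_AUDIO", {"location": "office"}))
    print(per_app_rule_count(50, 140, 3), "vs", profile_rule_count())
```

The same request is granted or denied purely from the current context, with no user prompt, and an application without a profile or a permission without a rule is denied by default.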