To protect users' privacy and system integrity, mobile platforms use
permission models to
control access to protected resources such as GPS location,
Contacts, etc. The previous major version of Android used a static
permission model, which compromised the security and privacy of apps.
Android 6 overhauled its permission model to ask for permissions at
runtime, which reduces the risk of permission abuse. However, migrating
to the runtime permission model requires significant effort from the
In our research we conducted a large-scale formative study to
understand how app developers use and migrate to
the new permission model. Inspired by these findings, we designed,
implemented, and evaluated a tool suite that (i) recommends locations
where permission requests should be inserted and (ii) automatically inserts all
the permission-related code.
Our empirical evaluations on a diverse corpus of real-world apps show
that our tools are highly applicable and accurate.
This page contains the supporting artifacts for our research paper (which is currently under review at a major conference). Meanwhile, you can read our Tech Report.
An earlier version of DP-TRANSFORM was demoed at the Google I/O'16 developer conference.
DroidPerm Demo @ Google I/O 2016 (YouTube)
To evaluate DP-TRANSFORM, we used a diverse corpus of 71 randomly selected open-source apps from GitHub, comprising 920K lines of code. Developers had already migrated these apps to Android 6. We rolled back the permission-related code and then used DP-TRANSFORM to reintroduce permissions in the same locations. We then compared the developers' changes with those carried out by DP-TRANSFORM.
If you found the DroidPerm toolset useful, we would love to hear from you. Please send constructive feedback to Denis