RecDroid:
A Resource Access Permission Control Portal
and Recommendation Service for Smartphone Users
Bahman Rashidi
Carol Fung
Virginia Commonwealth University
Tam Vu
University of Colorado-Denver
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
All-or-Nothing Permission Granting
• Collecting irrelevant data
• Miss uses of sensitive information
• Inefficiency
• Privacy concerns
Can we give users more control
with better usability?
• Only a 3% of users pay attention
•
..and for that small portion
• Inexperienced users
• Urge of using the app
RecDroid Framework
 Two app installation modes
for any new apps:
 Trusted
 Probation
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
3/13
RecDroid Framework
 Two app installation modes
for any new apps:
 Trusted
 Probation
 Real-time resource granting
decisions
 with expert and peer
recommendation system
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
3/13
RecDroid Design
1. Collecting permission-request
responses
2. Analyzing the responses
3. Recommend low-risk responses
to permission requests
4. Expanding expert user base
5. Ranking the apps
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
5/13
RecDroid Design
Permission request flow in RecDroid
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
6/13
Preliminary Implementation
Android OS modification
 Capturing the resource access requests
 Package Manager Service
PackageManagerService.java
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
9/13
Preliminary Implementation (cont.)
RecDroid Expert-user Spanning Algorithm
 Covering a wide class of applications requires crowdsourcing
 Expert ranking algorithm is based on weighted voting
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
11/13
Preliminary Implementation (cont.)
RecDroid recommendation server
 Recording the users responses
 Decision recommendation to users
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
11/13
In progress…
• Recommendation system improvement
• Context aware permission profiling
• User trials
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
13/13
Thank you!
ACM Workshop on Security and Privacy in Mobile Environments (SPME 2014)
13/13