Does the android permission system provide adequate information privacy protection for end-users of mobile apps?

Lane, Michael (2012) Does the android permission system provide adequate information privacy protection for end-users of mobile apps? In: 10th Australian Information Security Management Conference (SECAU 2012), 3-5 Dec 2012, Perth, Western Australia.

PDF (Published Version)

Download (279Kb)


This paper investigates the Android permission system and its adequacy in alerting end-users of potential information privacy risks in an app. When an end-user seeks to install an app, they are presented with the required permissions and make a supposedly informed decision as to whether to install that app based on the permissions presented. The results from an analysis of ten popular apps indicate a number of permissions that pose potential information privacy risks of which most end-users are likely to be unaware. The Android permission system is complex and difficult for end-users to comprehend and effectively evaluate the potential information privacy and security risks in an app. Most end-users will install the app without evaluating the list of required permissions presented to them. Furthermore there is an inconsistent approach to informing end-users about the privacy policy and terms of use for Android apps. The findings of this paper indicate a need for better decision support apps so end-users can more easily make better decisions regarding privacy and security protection provided by apps. Future research should also examine the free market failure of mobile application market places to provide adequate privacy protection and the need for stronger privacy protection laws.

Statistics for USQ ePrint 22282
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: No evidence of copyright restrictions preventing deposit.
Faculty / Department / School: Historic - Faculty of Business and Law - School of Information Systems
Date Deposited: 10 Jan 2013 01:52
Last Modified: 14 Aug 2014 05:38
Uncontrolled Keywords: information privacy, smartphones, android, risks, permission systems, mobile applications
Fields of Research : 08 Information and Computing Sciences > 0806 Information Systems > 080699 Information Systems not elsewhere classified
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Socio-Economic Objective: B Economic Development > 89 Information and Communication Services > 8901 Communication Networks and Services > 890103 Mobile Data Networks and Services
E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences

Actions (login required)

View Item Archive Repository Staff Only