Android API Permission Research

Who are We?

This research was conducted by Austin Shawaga, an undergraduate Computer Science Major at the University of Calgary.
The research was supervised by Dr. Joel Reardon who is an assistant professor at the University of Calgary.
This Research Project was funded by a P.U.R.E. award. For more information on the P.U.R.E. program please visit their Website.
For contact information please view the Contact Us tab.

What is our Research About?

The research project was a response to frustrations that are often experienced by researchers and developers alike when utilizing the Android operating system programmatically. While the changelog and developer documentation are vast across the Android versions, it is hard to find API level specific information; most of the method descriptions only reflect the latest version and the change logs are always relative to the last update rather than older versions. Due to this design, it is difficult to have a specific API data request paired with an Android Version and find the permissions required to accomplish it.

Our research serves two purposes:

  1. It helps developers who are writing applications for the Android operating system. Should a developer wish to accomplish a specific API call to obtain sensitive data, our tool provides information on a handful of API calls so that they can find the permissions required. With a few clicks, our tool displays which permissions are required to retrieve the sensitive information and most of the time, it also provides a starting point on how to accomplish it.
  2. Our research helps academics who are also conducting research on the operating system. By outlining the permissions needed to access sensitive data it makes security analysis easier across Android versions and allows easier manipulation of the operating system should it be required for research. For more information on our security findings and analysis, please view the section below.

Security Related Findings and Analysis

We are currently drafting a research paper explaining our security related findings and analysis.
When completed, the paper will be linked here with a brief summary of what we have discovered.