Current smartphone operating systems have a runtime permission model, which allows users to manage and customize permissions to meet their personal preferences. However, this model leaves users in the dark about permission capabilities and their potential risks.

In "Can Systems Explain Permissions Better? Understanding Users’ Misperceptions under Smartphone Runtime Permission Model," CSE/CNS Ph.D. students Bingyu Shen, Chengcheng Xiang, Yudong Wu, and Mingyao Shen and CSE Professor Yuanyuan Zhou explore several common misconceptions about permissions and the benefits of providing additional information.

The team took a mixed-methods approach, analyzing users’ permission settings and surveying the users to determine how well they understand those settings. They found users often fail to understand permission model evolution and permission group capabilities.

After surveying users about their common concerns, the team pinpointed five types of information that could support better user decision-making. They went on to provide suggestions for system designers to address these common issues and enhance future systems. The team will present their findings at the 30th USENIX Security Symposium in August 2021.