PERMITME: integrating android permissioning support in the IDE.

ABSTRACTOne of the most common security & privacy issues concerning mobile applications is the unnecessary access to sensitive information and resources. In a mobile application platform like Android, where a permission mechanism is used to maintain access control, the app developer dictates what permissions are necessary at install time. For various reasons however, including user confusion and lack of proper documentation, developers may overcompensate for the necessary permission. By this we mean developers often incorporate more permissions than are necessary for an app to function, thus undermining the access control mechanism and increasing the potential risk from a vulnerability exploit where sensitive user information is compromised. Even when developers intentionally include extra permissions, we believe it still the duty of a developer to at least be aware of what is at stake when it comes to collecting user information. In this paper we present PermitMe, a tool developed as a plugin for the Eclipse IDE, to interactively guide developers on the set of required permissions when creating Android applications. We conducted a between-groups user study in order to evaluate the effectiveness, efficiency, and usability of the PermitMe tool in enhancing the developer's experience when deciding to include Android permissions in their mobile applications.