Permissions Plugins as Android Apps

The permissions framework for Android is frustratingly inflexible. Once granted a permission, Android will always allow an app to access the resource until the user manually revokes the app's permission. Prior work has proposed extensible plugin frameworks, but they have struggled to support flexible authorization and isolate apps and plugins from each other. In this paper, we propose DALF, a framework for extensible permissions plugins that provides both flexibility and isolation. The insight underlying DALF is that permissions plugins should be treated as apps themselves. This approach allows plugins to maintain state and access system resources such as a device's location while being restricted by Android's process-isolation mechanisms. Experiments with microbenchmarks and case studies with real third-party apps show promising results: plugins are easy to develop and impose acceptable overhead for most resources.