# Advancing Android app permissions with eFLINT

*Supervisor(s)*: L. Thomas van Binsbergen (l.t.vanbinsbergen@uva.nl), Marco Brohet (m.j.a.brohet@uva.nl)

Smartphones have become an essential part of daily life. The introduction of mobile applications has made it a lot easier to extend digital services with personal data. This raises the question of whether we are giving away too much data. In Android, one of the most popular mobile platforms, access to potentially sensitive data is regulated through *permissions*. An app must declare which permissions it requires, and permission needs to be given before certain features in the app can be used. However, it is not always clear or transparent how a feature uses data generated by or stored on the phone, i.e. which internal actions are being performed and which data they use. For example, how can we be sure that an app with permission to access the microphone is only accessing the microphone when we expect it to? Moreover, permissions tend to be coarse-grained, while more fine-grained specifications are possible. For example, you might like to be able to say that a particular app can only access the e-mail addresses and names of contacts, rather than all information about contacts.

The goal of this project is to investigate how and to what extent these problems can be addressed by integrating eFLINT into Android. eFLINT is a domain-specific language used in several research projects at the Informatics Institute to develop and study systems that, by design, comply with so-called social policies, ranging from laws, regulations and contracts to permissions and other system-level policies. As a starting point, you can use a development environment such as Android Studio [2] to define an app that accesses a sensor (such as the microphone or GPS location) and/or makes various system calls. This app serves to simulate actual apps for which permissions are to be specified using eFLINT. By monitoring the access to sensor data and by monitoring system calls, a more fine-grained picture of the app's inner workings is obtained, which can then be compared to the specified policies. In subsequent steps, the simulation can be extended to involve more sensors and system calls and to work towards a general approach for integrating eFLINT in Android. A significant real-world use case, such as the CoronaMelder app, can be used as well.
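The comparison of monitored accesses against a fine-grained policy can be sketched as follows. This is an added example, not code from the project, and it is plain Python rather than eFLINT or Android code: the policy layout, the app name `com.example.chat`, the feature names and the `AccessEvent` fields are all hypothetical, and the trace is constructed.

```python
from dataclasses import dataclass

# Hypothetical fine-grained policy, written as Python data rather than eFLINT.
# Per app: which contact fields may be read, and during which user-visible
# features the microphone may be used.
POLICY = {
    "com.example.chat": {
        "contacts": {"name", "email"},
        "microphone": {"voice_message"},
    },
}

@dataclass(frozen=True)
class AccessEvent:
    app: str
    resource: str          # "contacts", "microphone", ...
    detail: frozenset      # contact fields read; empty for sensors
    active_feature: str    # feature the user had open, "" if app in background

def check(event, policy=POLICY):
    """Return violation strings for one observed access (empty list = compliant)."""
    rules = policy.get(event.app)
    if rules is None or event.resource not in rules:
        return [f"{event.app}: no permission for {event.resource}"]
    allowed = rules[event.resource]
    if event.resource == "contacts":
        extra = event.detail - allowed
        return [f"{event.app}: read contact field '{f}' outside policy" for f in sorted(extra)]
    if event.resource == "microphone" and event.active_feature not in allowed:
        where = event.active_feature or "background"
        return [f"{event.app}: microphone used during '{where}'"]
    return []

def audit(events, policy=POLICY):
    """Check a whole trace, keeping violations in event order."""
    return [v for e in events for v in check(e, policy)]

# Constructed trace, standing in for what a monitor on the device would record.
TRACE = [
    AccessEvent("com.example.chat", "contacts", frozenset({"name", "email"}), "new_chat"),
    AccessEvent("com.example.chat", "contacts", frozenset({"name", "phone"}), "new_chat"),
    AccessEvent("com.example.chat", "microphone", frozenset(), "voice_message"),
    AccessEvent("com.example.chat", "microphone", frozenset(), ""),
    AccessEvent("com.example.chat", "location", frozenset(), "new_chat"),
]

if __name__ == "__main__":
    for line in audit(TRACE):
        print(line)
```

Under a coarse-grained contacts permission the second event would pass unnoticed; here it is flagged because the `phone` field is outside the allowed set, and the fourth event is flagged because the microphone is used with no permitted feature active.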

[1] Van Binsbergen, L. Thomas, et al. "eFLINT: a domain-specific language for executable norm specifications." Proceedings of the 19th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences. 2020. DOI: https://doi.org/10.1145/3425898.3426958

[2] https://developer.android.com/studio

Associated UvA research group: IvI - Complex Cyber Infrastructure (CCI)
