3P Framework: Customizable Permission Architecture for Mobile Applications

Mobile applications & smart devices have drastically changed our routine tasks, and have become an integral part of modern society. Along with the numerous benefits we get, major challenges like privacy and safety have become complicated than before. The permission based system for mobile applications is designed to empower the user to decide which resources and information they want the application to access. Most of these permissions are granted during installation of application, but our study shows that the users make weak decisions in protecting their information. Majority of the users, even with technical backgrounds, blindly grant all permissions requested by the application even if they are not necessary for the application to run. In order to give more control to the user, and to enable them to make informed decisions regarding permission, we have proposed a Privacy Permission Policy Framework in this paper. This framework enables the user to have greater control over the permission granting while installing the mobile applications. The implementation and testing of the framework also enabled us to run forensic analysis and understand the scope of permissions requested, based on which this framework can advise the user to select minimum required permissions for the application to work. This makes the users' privacy more secure, and grants full control over the process.