Publications

Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps

AuthorHeid, Kris; Sonntag, Elena Julia; Heider, Jens
Date2025
TypeConference Paper
AbstractPermissions have been employed to let the user decide on components an app can interact with. However, apps typically consist of the main app along with several libraries to support the developer with various functionality and tasks. The fact that libraries inherit the permissions of the main app gives these libraries often more rights than needed for their core functionality. Many libraries do permission piggybacking and thus probe available permissions without requesting permissions themselves and adapt their behavior accordingly. Especially, advertisement and tracking libraries show high interest to collect as much user data as possible through this technique. Many works have previously addressed this problem but no solution has made its way into Android. This work delivers a novel analysis technique agnostic to the Android API level without manual mapping effort like previous works. Our results show, that permission piggybacking remains a problem to be urgently addressed.
ConferenceInternational Conference on Information Systems Security and Privacy 2025
Urlhttps://publica.fraunhofer.de/handle/publica/486121