Australian Information Security Management Conference

Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


10th Australian Information Security Management Conference, Novotel Langley Hotel, Perth, Western Australia, 3rd-5th December, 2012


This paper investigates the Android permission system and its adequacy in alerting end-users of potential information privacy risks in an app. When an end-user seeks to install an app, they are presented with the required permissions and make a supposedly informed decision as to whether to install that app based on the permissions presented. The results from an analysis of ten popular apps indicate a number of permissions that pose potential information privacy risks of which most end-users are likely to be unaware. The Android permission system is complex and difficult for end-users to comprehend and effectively evaluate the potential information privacy and security risks in an app. Most end-users will install the app without evaluating the list of required permissions presented to them. Furthermore there is an inconsistent approach to informing end-users about the privacy policy and terms of use for Android apps. The findings of this paper indicate a need for better decision support apps so end-users can more easily make better decisions regarding privacy and security protection provided by apps. Future research should also examine the free market failure of mobile application market places to provide adequate privacy protection and the need for stronger privacy protection laws.