Papilio: Visualizing Android Application Permissions

• Published in: Computer graphics forum Vol. 33; no. 3; pp. 391 - 400
• Main Authors: Loorak, M. Hosseinkhani, Fong, P.W.L., Carpendale, S.
• Format: Journal Article
• Language: English
• Published: Oxford Blackwell Publishing Ltd 01.06.2014
• Subjects: Analysis; Categories and Subject Descriptors (according to ACM CCS); Computer graphics; Computer information security; H.5.2 [Information Systems]: Information Interfaces and Presentation-User Interfaces; Operating systems; Studies; Visualization
• ISSN: 0167-7055; 1467-8659
• DOI: 10.1111/cgf.12395

We introduce Papilio, a new visualization technique for visualizing permissions of real‐world Android applications. We explore the development of layouts that exploit the directed acyclic nature of Android application permission data to develop a new explicit layout technique that incorporates aspects of set membership, node‐link diagrams and matrix layouts. By grouping applications based on sets of requested permissions, a structure can be formed with partially ordered relations. The Papilio layout shows sets of applications centrally, the relations among applications on one side and application permissions, as the reason behind the existence of the partial order, on the other side. Using Papilio to explore a set of Android applications as a case study has led to new security findings regarding permission usage by Android applications.