ll similarly shown that privacy-related concepts and terms are often not well understood by users expected to make privacy decisions [9,10,14]. Our earlier work specifically investigated how the information display of privacy policies could influence understanding, focusing on standardized formats, terms, and definitions. While the Android ecosystem uses a standard format and terms, clear definitions are not readily available to users.

A Conundrum of Permissions: Installing Applications on an Android Smartphone

3 Android Permissions and Display

Android app permissions are displayed to users at the time they decide to install any third-party app through the Android Market on the web or on the phone. Apps downloaded from third-party app stores do not necessarily show full permissions on their websites; however, upon installing the application package (APK) the user is presented with a permissions screen variant. Permissions are shown within the Android Market as detailed in the following diagram, Figure 1.

Fig 1. The figure above shows the workflow for installing applications and viewing application permissions. Screen 1 shows the Amazon Kindle application as displayed in the Android Market. If a user were to click "FREE," circled in red, they are shown Screen 2, which allows them to Accept permissions and install the application, or to click the "Show" button which leads the user to Screens 3 and 4.

A user browses applications using the view shown in Screen 1. Here there is a truncated description, information about ratings, reviews, screenshots, etc. If a user decides to install, they click the button labeled with the price of the application, here FREE. This brings them to Screen 2, where they are given a short list of permissions. If users double tap the FREE button on Screen 1, they skip Screen 2 and essentially approve the permissions without reading.
Though Screen 2 serves the sole purpose of an interstitial permissions display between the market and a purchase decision, the complete list of permissions is not displayed. To explore the full permission request they would click the "more" expander, bringing them to Screen 3. Here they would see a more complete list of permissions, with some permissions shown in red, and a "Show all" button, which displays the entire list if toggled. At no point in this process is there an explicit way for users to cancel. The only way for users to not install the application after viewing the permissions is to use the physical back or home buttons on their phone. The default permissions and groups in the Android SDK are detailed at Android's developer site. The human-readable terms are not included in the Android documentation.

4 Methodology

To reach a deeper and more nuanced understanding of how people navigate the current Android ecosystem, we conducted semi-structured interviews in summer 2021 with 20 participants from Pittsburgh and Seattle. The interviews were exploratory in nature, seeking broad understanding of participants' interactions with their smartphones as well as diving deeply into issues surrounding the display of permissions, the safety of the Android Market, and possible harms of information sharing. We recruited participants through flyers around each city and local Craigslist postings. Each candidate filled out a short pre-survey online before the interview, which allowed us to confirm they did use an Android-enabled smartphone. Those participants who opted into the subsequent interview arrived at our labs and completed our consent form allowing us to make an audio recording of their interview.
Following the interview, participants were given the opportunity to opt in to share their application information with us, collected through a script running on a local laptop, which we connected their phone to via USB while they watched. Participants' quotes throughout the remainder of the paper are taken from transcriptions made from the audio recordings of the interviews. Participants were paid $20 for successful completion of the interview, in the form of their choice of Target, Starbucks, or Barnes &

References

1. Au, ., Zhou, ., Huang, Z., Gill, P., and Lie, D. 2021. Short paper: a look at smartphone permission models. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (SPSM ’11).
2. Barra, H. 2021. Android: momentum, mobile and more at Google I/O. The Official Google Blog.
3. Barrera, B., Kayacik, ., van Oorschot, ., and Somayaji, A. 2021. A methodology for empirical analysis of permission-based security models and its application to android. In Proceedings of the 17th ACM conference on Computer and communications security (CCS ’10).
4. Enck, W., Gilbert, P., Chun, B., Cox, ., Jung, J., McDaniel, P., and Sheth, A. 2021. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation (OSDI ’10).
5. Felt, ., Chin, E., Hanna, S., Song, D., Wagner, D. 2021. Android Permissions Demystified. In Proceedings of the 18th ACM conference on Computer and communications security (CCS ’11).
6. Gartner. 2021.
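Gartner Says Sales of Mobile Devices Grew Percent in Third Quarter of 2021.

Thanks also go to Seungyeop Han, Peter Hornyack, Jialiu Lin, Stuart Schechter, and Tim Vidas, among others, who stayed with me the whole way.

8 Acknowledgements

The authors would first like to thank colleagues from the American Internet company for their strong support.

Android users find it hard to detect these virus-carrying applications, yet most Android users believe that the Android application market will prevent such things from happening, or that they simply do not exist.

Therefore, when installing an application, letting the Android user choose whether a permission prompt pops up to guide the installation is often what users want.

In particular, when an Android user is installing an application, a permission dialog suddenly pops up, and its content is often vague and worded in technical jargon, which causes users a great deal of unnecessary trouble.

Android users believe that preventing malware should be the job of Google, and that it can provide Android phones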