Users are frequently asked to make security-critical decisions, often without an adequate understanding of what is being asked of them or of the consequences of their actions. In the Android™ platform, for example, prior to installation, users are expected to review the permissions requested by an application and accept the inherent risks in allowing those permissions. Not surprisingly, users simply click through this initial consent step, often resulting in poorly understood authorizations. See, for example, A. P. Felt et al., “The Effectiveness of Application Permissions,” Proceedings of the 2nd USENIX Conference on Web Application Development, WebApps '11 (June 2011). The user may have a high-level understanding of the features they expect the application to provide, but not grasp the minimal security controls necessary to enable these functions.
In many organizations, managers are frequently asked to approve and (re-)certify access for employees. In these instances, the end users who are expected to make the critical decisions lack the understanding or insight that is necessary to make a fully informed decision. Android end users cannot be expected to understand why an application is requesting certain, and often very specific, permissions, or why those requests may be considered normal or risky.
Furthermore, knowledge of the requirements of an access control policy is often split between different entities: managers understand their end users but lack an understanding of the technical systems, which are handled by information technology (IT) administrators. These gaps result in risks to end users and enterprise resources.
Therefore, techniques that enable users to make intelligent choices for security-critical decisions (e.g., that inform users of the risks of granting a permission to an application) would be desirable.