{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T06:09:21Z","timestamp":1770271761544,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,5,2]],"date-time":"2017-05-02T00:00:00Z","timestamp":1493683200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1064997"],"award-info":[{"award-number":["CNS-1064997"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,5,2]]},"DOI":"10.1145\/3025453.3025706","type":"proceedings-article","created":{"date-parts":[[2017,5,2]],"date-time":"2017-05-02T18:37:22Z","timestamp":1493750242000},"page":"362-373","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":31,"title":["User Interactions and Permission Use on Android"],"prefix":"10.1145","author":[{"given":"Kristopher","family":"Micinski","sequence":"first","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Votipka","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rock","family":"Stevens","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nikolaos","family":"Kofinas","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michelle L.","family":"Mazurek","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jeffrey S.","family":"Foster","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, College Park, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,5,2]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Presented as part of the 7th USENIX Workshop on Hot Topics in Security","unstructured":"2012. How to Ask for Permission . In Presented as part of the 7th USENIX Workshop on Hot Topics in Security . USENIX , Berkeley, CA . https:\/\/www.usenix.org\/conference\/hotsec12\/workshopprogram\/presentation\/Felt 2012. How to Ask for Permission. In Presented as part of the 7th USENIX Workshop on Hot Topics in Security. USENIX, Berkeley, CA. https:\/\/www.usenix.org\/conference\/hotsec12\/workshopprogram\/presentation\/Felt"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TAC.1974.1100705"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702210"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501616"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13)","author":"Bugiel Sven","year":"2013","unstructured":"Sven Bugiel , Stephen Heuser , and Ahmad-Reza Sadeghi . 2013 . Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies . In Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13) . USENIX, Washington, D.C., 131--146. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/ technical-sessions\/presentation\/bugiel Sven Bugiel, Stephen Heuser, and Ahmad-Reza Sadeghi. 2013. Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13). USENIX, Washington, D.C., 131--146. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/ technical-sessions\/presentation\/bugiel"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1177\/1745691610393980"},{"key":"e_1_3_2_1_8_1","volume-title":"Contextual Policy Enforcement in Android Applications with Permission Event Graphs. In 20th Annual Network and Distributed System Security Symposium, NDSS","author":"Chen Kevin Zhijie","year":"2013","unstructured":"Kevin Zhijie Chen , Noah M. Johnson , Vijay D'Silva , Shuaifu Dai , Kyle MacNamara , Thomas R. Magrino , Edward XueJun Wu , Martin Rinard , and Dawn Xiaodong Song . 2013 . Contextual Policy Enforcement in Android Applications with Permission Event Graphs. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013. Internet Society, San Diego, California, USA. http:\/\/internetsociety.org\/doc\/contextual-policyenforcement-android-applications-permission-eventgraphs Kevin Zhijie Chen, Noah M. Johnson, Vijay D'Silva, Shuaifu Dai, Kyle MacNamara, Thomas R. Magrino, Edward XueJun Wu, Martin Rinard, and Dawn Xiaodong Song. 2013. Contextual Policy Enforcement in Android Applications with Permission Event Graphs. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013. Internet Society, San Diego, California, USA. http:\/\/internetsociety.org\/doc\/contextual-policyenforcement-android-applications-permission-eventgraphs"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753688"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381943"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335360"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23044"},{"key":"e_1_3_2_1_14_1","unstructured":"Google 2016. Requesting Permissions at Run Time. Google. https:\/\/developer.android.com\/training\/ permissions\/requesting.html  Google 2016. Requesting Permissions at Run Time. Google. https:\/\/developer.android.com\/training\/ permissions\/requesting.html"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1080\/19312450709336664"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73186-5_6"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381938"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14)","author":"Kang Ruogu","year":"2014","unstructured":"Ruogu Kang , Stephanie Brown , Laura Dabbish , and Sara Kiesler . 2014. Privacy Attitudes of Mechanical Turk Workers and the U.S. Public . In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14) . USENIX Association , San Diego , California, USA, 37--49. https:\/\/www.usenix.org\/conference\/soups 2014 \/ proceedings\/presentation\/kang Ruogu Kang, Stephanie Brown, Laura Dabbish, and Sara Kiesler. 2014. Privacy Attitudes of Mechanical Turk Workers and the U.S. Public. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security '14). USENIX Association, San Diego, California, USA, 37--49. https:\/\/www.usenix.org\/conference\/soups2014\/ proceedings\/presentation\/kang"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2493412"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357127"},{"key":"e_1_3_2_1_21_1","volume-title":"Clarkson","author":"Micinski Kristopher","year":"2015","unstructured":"Kristopher Micinski , Jonathan Fetter-Degges , Jinseong Jeon , Jeffrey S. Foster , and Michael R . Clarkson . 2015 . Checking Interaction-Based Declassification Policies for Android Using Symbolic Execution. Springer International Publishing , Vienna, Austria, 520--538. DOI: http:\/\/dx.doi.org\/10.1007\/978--3--319--24177--7_26 10.1007\/978--3--319--24177--7_26 Kristopher Micinski, Jonathan Fetter-Degges, Jinseong Jeon, Jeffrey S. Foster, and Michael R. Clarkson. 2015. Checking Interaction-Based Declassification Policies for Android Using Symbolic Execution. Springer International Publishing, Vienna, Austria, 520--538. DOI: http:\/\/dx.doi.org\/10.1007\/978--3--319--24177--7_26"},{"key":"e_1_3_2_1_22_1","first-page":"119","article-title":"Privacy as Contextual Integrity","volume":"79","author":"Nissenbaum Helen","year":"2004","unstructured":"Helen Nissenbaum . 2004 . Privacy as Contextual Integrity . Washington Law Review 79 (2004), 119 -- 157 . Helen Nissenbaum. 2004. Privacy as Contextual Integrity. Washington Law Review 79 (2004), 119--157.","journal-title":"Washington Law Review"},{"key":"e_1_3_2_1_23_1","volume-title":"Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016","author":"Rao Ashwini","year":"2016","unstructured":"Ashwini Rao , Florian Schaub , Norman Sadeh , Alessandro Acquisti , and Ruogu Kang . 2016 . Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016 ). USENIX Association, Denver, CO, 77--96. https:\/\/www.usenix.org\/conference\/soups 2016\/technicalsessions\/presentation\/rao Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, and Ruogu Kang. 2016. Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association, Denver, CO, 77--96. https:\/\/www.usenix.org\/conference\/soups2016\/technicalsessions\/presentation\/rao"},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/developer. android.com\/guide\/topics\/security\/permissions.html (Accessed 9--16--2016)","author":"Reference Android Developers","year":"2016","unstructured":"Android Developers Reference . 2016. Manifest.permission_group. ( 2016 ). https:\/\/developer. android.com\/guide\/topics\/security\/permissions.html (Accessed 9--16--2016) . Android Developers Reference. 2016. Manifest.permission_group. (2016). https:\/\/developer. android.com\/guide\/topics\/security\/permissions.html (Accessed 9--16--2016)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978344"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13)","author":"Roesner Franziska","year":"2013","unstructured":"Franziska Roesner and Tadayoshi Kohno . 2013 . Securing Embedded User Interfaces: Android and Beyond . In Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13) . USENIX, Washington, D.C., 97--112. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/ technical-sessions\/presentation\/roesner Franziska Roesner and Tadayoshi Kohno. 2013. Securing Embedded User Interfaces: Android and Beyond. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security '13). USENIX, Washington, D.C., 97--112. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/ technical-sessions\/presentation\/roesner"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.24"},{"key":"e_1_3_2_1_28_1","volume-title":"New Security Indicators. In Proceedings of the 2007 IEEE Symposium on Security and Privacy.","author":"Schechter Stuart E","unstructured":"Stuart E Schechter , Rachna Dhamija , Andy Ozment , and Ian Fischer . The Emperor's New Security Indicators. In Proceedings of the 2007 IEEE Symposium on Security and Privacy. Stuart E Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. The Emperor's New Security Indicators. In Proceedings of the 2007 IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151030.1151033"},{"key":"e_1_3_2_1_30_1","volume-title":"Miller","author":"Stiegler Marc","year":"2002","unstructured":"Marc Stiegler and Mark S . Miller . 2002 . A Capability-based Client: The DarpaBrowser. Technical Report Technical Report, Focused Research Topic 5. Combex Inc, Meadowbrook, PA. http:\/\/www.combex.com\/papers\/darpareport\/index.html Marc Stiegler and Mark S. Miller. 2002. A Capability-based Client: The DarpaBrowser. Technical Report Technical Report, Focused Research Topic 5. Combex Inc, Meadowbrook, PA. http:\/\/www.combex.com\/papers\/darpareport\/index.html"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 18th USENIX Security Symposium. {}https:\/\/www.usenix.org\/legacy\/events\/sec09\/tech\/ full_papers\/sunshine.","author":"Sunshine Joshua","year":"2009","unstructured":"Joshua Sunshine , Serge Egelman , Hazim Almuhimedi , Neha Atri , and Lorrie Faith Cranor . 2009 . Crying Wolf An Empirical Study of SSL Warning Effectiveness .. In Proceedings of the 18th USENIX Security Symposium. {}https:\/\/www.usenix.org\/legacy\/events\/sec09\/tech\/ full_papers\/sunshine. Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying Wolf An Empirical Study of SSL Warning Effectiveness.. In Proceedings of the 18th USENIX Security Symposium. {}https:\/\/www.usenix.org\/legacy\/events\/sec09\/tech\/ full_papers\/sunshine."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979277"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 24th USENIX Security Symposium (USENIX Security '15)","author":"Wijesekera Primal","year":"2015","unstructured":"Primal Wijesekera , Arjun Baokar , Ashkan Hosseini , Serge Egelman , David Wagner , and Konstantin Beznosov . 2015 . Android Permissions Remystified: A Field Study on Contextual Integrity . In Proceedings of the 24th USENIX Security Symposium (USENIX Security '15) . USENIX Association, Washington, D.C., 499--514. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/ technical-sessions\/presentation\/wijesekera Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner, and Konstantin Beznosov. 2015. Android Permissions Remystified: A Field Study on Contextual Integrity. In Proceedings of the 24th USENIX Security Symposium (USENIX Security '15). USENIX Association, Washington, D.C., 499--514. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/ technical-sessions\/presentation\/wijesekera"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516676"}],"event":{"name":"CHI '17: CHI Conference on Human Factors in Computing Systems","location":"Denver Colorado USA","acronym":"CHI '17","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3025453.3025706","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3025453.3025706","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3025453.3025706","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:03:22Z","timestamp":1750215802000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3025453.3025706"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,2]]},"references-count":34,"alternative-id":["10.1145\/3025453.3025706","10.1145\/3025453"],"URL":"https:\/\/doi.org\/10.1145\/3025453.3025706","relation":{},"subject":[],"published":{"date-parts":[[2017,5,2]]},"assertion":[{"value":"2017-05-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}