Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tracking your permissions with data access audi...

Tracking your permissions with data access auditing

Android has come a long way when it comes to permission handling for data privacy. By getting rid of those terrifying install dialogs with huge lists of required permissions and favouring runtime permissions instead, the framework gave back the users control of how apps can access their data. This model also allows us, the developers, to ask users for each permission at the right time, effectively increasing the odds of them giving us a little bit of their privacy to work with.
Now, this is all fun and games until someone gets hurt. And by someone, I mean us, the developers, when our apps grow both in size and complexity. Add in the fact that developer teams change over time, and you got yourself a recipe for disaster. Soon enough, it’s highly likely that you’ll have permission handling code sprinkled throughout your codebase (because, you know, it made sense at some point). Worst case scenario, you’ll actually end up asking users for permissions in places where it doesn’t even make sense to ask for them. And what do users do when they get asked for location access when trying to zoom in a picture? Yup, instant uninstall, probably followed by a 1 star review.
Fortunately, Android 11 brings a shiny new feature called data access auditing, that was designed to avoid scenarios like the one described above. In this talk, I’ll explore data access auditing, and how it aims to provide more transparency into how our apps and their dependencies access private data.

Ricardo Costeira

July 08, 2020
Tweet

More Decks by Ricardo Costeira

Other Decks in Programming

Transcript

  1. A long time ago… but in this galaxy though •

    App idea – Runbelievable ◦ Step 1: Get to your starting point ◦ Step 2: Start the timer ◦ Step 3: run like the wind until you reach your destination ◦ Step 4: Stop the timer ◦ Step 5: Compare with previous runs with super high end complex machine learning algorithms that aim to improve your technique ◦ Step 6: Boast about how fast you are by uploading your progress to Facebook
  2. You need to compromise with the user • In exchange

    for your super advanced running tech • You need users to allow access to their location • Since you eloquently explain why, users grant you access
  3. Your app rocks! • Everyone loves running thanks to you

    ❤‍♀ • Facebook is flooded with annoying Runbelievable progress reports • 5 star reviews everywhere • 7 out of 10 reviews mention something interesting...
  4. New feature – HIIT workouts • Exercise list • Exercise

    descriptions • Default workout plans • Workout builders • Timer for exercises • Everything else you’ll remember along the way
  5. What happened? • When building the HIIT feature, you reused

    the startTimer() method… • … which accesses user location data internally
  6. Data Access Auditing • Allows you to track access to

    private data • Callback that you register on any Android component ◦ AppOpsManager.OnOpNotedCallback • Can provide the stack trace from the thread it’s called (if call is synchronous) • Can track private data access made by 3rd party SDKs
  7. Data access auditing – Do I need it? • Small

    team? Relatively simple app and/or project? Not that many permissions needed? Might not be worth it. • Large and/or dynamic team? Complex project, with a lot of modules, and a lot of feature sets requesting all kinds of permissions? It might save the day.