Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add MASWE-0117 - Inadequate Permission Management #3119

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
+65 −0
Open

Add MASWE-0117 - Inadequate Permission Management #3119

Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6f42488
Add MASWE-0117: Inadequate Permission Management
cpholguera Jan 17, 2025
90b904a
Update CWE reference for MASWE-0117 from 359 to 250
cpholguera Jan 17, 2025
62057a1
Remove duplicate Android permission request references in MASWE-0117
cpholguera Jan 21, 2025
197bd22
Clarify permission management risks and add new references
cpholguera Jan 21, 2025
24dbbbe
fix missing white space
cpholguera Jan 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions weaknesses/MASVS-PRIVACY/MASWE-0117.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
title: Inadequate Permission Management
id: MASWE-0117
alias: inadequate-permission-management
platform: ["android", "ios"]
profiles: ["P"]
mappings:
masvs-v1: []
masvs-v2: [MASVS-PRIVACY-1]
cwe: [250]
refs:
- https://developer.apple.com/design/human-interface-guidelines/privacy#Requesting-permission
- https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/requesting_access_to_protected_resources
- https://developer.android.com/training/permissions/requesting
- https://support.google.com/googleplay/android-developer/answer/9888170?hl=en
- https://developer.android.com/privacy-and-security/minimize-permission-requests
- https://developer.android.com/training/permissions/usage-notes
- https://arxiv.org/pdf/1905.02713
- https://arxiv.org/pdf/2203.10583
- https://ieeexplore.ieee.org/document/9001128
- https://www.enisa.europa.eu/sites/default/files/publications/WP2017%20O-2-2-4%20GDPR%20Mobile.pdf

cpholguera marked this conversation as resolved.
Show resolved Hide resolved
status: new
---

## Overview

Permissions control access to sensitive device features such as the camera, microphone, location, and storage, making them a crucial aspect of mobile app privacy. Proper permission management is essential to protect user privacy and comply with regulations, as permissions serve as the gateway for data collection and processing.

### First-party Apps

First-party apps may request more permissions than necessary, sometimes overlooking privacy-friendly alternatives due to a lack of awareness, technical constraints, or business needs. Developers face the challenge of balancing functionality with privacy: while some permissions are essential for core features (e.g., a camera app requiring camera access), excessive permissions can lead to unnecessary data collection and potential privacy violations.

From the user's perspective, privacy concerns may lead to reluctance in granting permissions, forcing them to choose between privacy and app functionality as in some cases, refusing to grant permissions could render the app unusable. Conversely, users may grant permissions without fully understanding the implications, resulting in unintended data exposure.

### Pre-installed Apps

Pre-installed apps frequently come with excessive permissions that users cannot control or revoke, as they are often granted by default without explicit consent. This lack of control can result in continuous data collection and persistent privacy risks.

### Third-party Libraries (SDKs)

**Third-party libraries (SDKs)** further complicate permission management by inheriting app permissions and introducing privacy and security risks that are difficult to audit and control. Mobile permission models often fail to distinguish between permissions granted to an app and those assigned to third-party components, a challenge highlighted in the [IEEE research paper "Engineering Privacy in Smartphone Apps"](https://ieeexplore.ieee.org/document/9001128) (Section IV, _"Third-party content"_). Furthermore, third-party services behind these SDKs may continue accessing data collected over the network even after permissions are revoked or the app is deleted, creating long-term risks for user privacy.

## Modes of Introduction

- **Requesting Excessive Permissions**: Apps requesting more permissions than necessary for their core functionality.
- **Lack of Use of Privacy-Friendly Alternatives**: Failing to use privacy-friendly alternatives to permissions that are less intrusive and provide users with more control over their data. For example, using coarse location instead of fine location, or using an image picker instead of requesting access to the camera and photo gallery.
- **Lack of Proactive Permission Revocation**: Not automatically revoking app permissions that are no longer necessary, resulting in unnecessary data access over time.
- **Inadequate Permission Explanations**: Failing to provide clear explanations for why each permission is required.

## Impact

- **Violation of User Privacy**: Users may have their personal data unnecessarily accessed by mobile apps, leading to potential misuse, identity theft, or surveillance.
- **Loss of User Trust**: Users may lose trust in an app if it requests unnecessary permissions or does not allow them to revoke permissions that are no longer relevant. This can lead to negative reviews, lower user engagement, and reduced retention.
- **Legal and Compliance Issues**: Apps that improperly manage permissions may face non-compliance with privacy regulations like GDPR or CCPA, which require data minimization and appropriate user control over data access, resulting in potential fines, legal action, or removal from app stores.
- **Malicious Abuse:** Harmful apps can misuse permissions from privileged apps to record, track, or steal data without user consent.
- **Data Breaches:** Once sensitive data leaves the app, it can be vulnerable to cyberattacks if it's not properlyprotected on remote endpoints, potentially leading to large-scale data leaks and reputational damage.
cpholguera marked this conversation as resolved.
Show resolved Hide resolved

## Mitigations

- **Enable Proactive Permission Revocation**: Automatically revoke permissions that are no longer necessary to minimize unnecessary data access over time. Ensure that users can manually revoke permissions at any time through a clear and accessible interface.
- **Prefer Privacy-Friendly Alternatives**: Use privacy-friendly alternatives to permissions that are less intrusive and provide users with more control over their data. For example, use coarse location instead of fine location, or use an image picker instead of requesting access to the camera and photo gallery.
- **Limit Permissions to Essential Needs**: Ensure apps only request permissions necessary for core functionality, avoiding the collection of unnecessary data and adhering to the principle of data minimization.
- **Implement Just-in-Time Permission Requests**: Request permissions only when they are needed, providing clear explanations for why each permission is required. This approach helps build user trust and ensures users understand the implications of granting access to their data.
- **User Education on Permissions**: Educate users about why specific permissions are needed and how they can manage these permissions. Providing transparency builds user trust and ensures users understand the importance and relevance of each permission.
Loading