RmPerm: A Tool for Android Permissions Removal

Android apps are generally over-privileged, i.e., they request more permissions than they actually need to execute properly. Prior to version 6 users can install an app only by accepting all its requested permissions, while newer Android versions allow users to dynamically grant/deny groups of permissions. Since some them impact on users' privacy, we argue that users should be granted control at the granularity of the single permission. We propose a novel approach, which does not require any change to the underlying OS, allowing users to selectively remove permissions from apps before installing them, and with a finer granularity. We developed ool, an open-source tool, that implements our methodology, and we present the viability of our approach via an empirical assessment on 81K apps, underlining that, in the worst case, up to 86% of the apps can execute without crashing when none of the requested privacy-related permissions are granted.