The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Improving the Security and Usability of the Wear OS Permission Model

Research Areas: Other

Principal Investigator: Berkay Celik

Google’s Wear OS is a version of Android’s operating system specifically designed to manage wearable devices, such as smartwatches and other wearables. Normally, Wear OS apps have the ability to access potentially sensitive information, such as the device’s location and is controlled by a permission system. Specifically, users are asked at run-time whether they want to allow a Wear OS app to access a specific piece of sensitive information. Through permissions, Android allows the user to select whether to allow or deny sensitive information access to the app. 

However, with potentially confusing permissions windows popping up in a dialog box, it’s possible for the user to inadvertently choose options that send location data to the Wear OS app. This reveals three fundamental issues; poor usability, poor user understanding, and unclear security. 

We plan to perform what would be the first systematic analysis of the interaction of the Android/Wear OS permission models.

Personnel

Other PIs: Antonio Bianchi

Keywords: Mobile securiity, wearables