Tricking Johnny into Granting Web Permissions

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Nierstrasz, Oscar (April 2020). Tricking Johnny into Granting Web Permissions. In: Evaluation and Assessment in Software Engineering, EASE 2020. EASE 2020 (pp. 276-281). New York, NY, USA: Association for Computing Machinery. DOI: 10.1145/3383219.3383248

Hazh20b.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.

We studied the web permission API dialog box in popular mobile and desktop browsers, and found that it typically lacks measures to protect users from unwittingly granting web permission when clicking too fast. We developed a game that exploits this issue, and tricks users into granting webcam permission. We conducted three experiments, each with 40 different participants, on both desktop and mobile browsers. The results indicate that in the absence of a prevention mechanism, we achieve a considerably high success rate in tricking 95% and 72% of participants on mobile and desktop browsers, respectively. Interestingly, we also tricked 47% of participants on a desktop browser where a prevention mechanism exists.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor:

Hazhirpasand Barkadehi, Mohammadreza, Ghafari, Mohammad, Nierstrasz, Oscar

Subjects:

000 Computer science, knowledge & systems
500 Science > 510 Mathematics

ISBN:

9781450377317

Series:

EASE 2020

Publisher:

Association for Computing Machinery

Funders:

[4] Swiss National Science Foundation

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

20 Apr 2021 12:11

Last Modified:

05 Dec 2022 15:49

Publisher DOI:

10.1145/3383219.3383248

Uncontrolled Keywords:

scg-pub security snf-asa3 scg20 jb20 snf-imad

BORIS DOI:

10.48350/154502

URI:

https://boris.unibe.ch/id/eprint/154502
