Investigating Software Developers' Challenges for Android Permissions in Stack Overflow

The Android permission system is a set of controls to regulate access to
sensitive data and platform resources (e.g., camera). The fast evolving
nature of Android permissions, coupled with inadequate documentation,
results in numerous challenges for third-party developers. This study
investigates the permission-related challenges developers face and the
solutions provided to resolve them on the crowdsourcing platform Stack
Overflow. We conducted qualitative and quantitative analyses on 3,327
permission-related questions and 3,271 corresponding answers. Our study
found that most questions are related to non-evolving SDK permissions
that remain constant across various Android versions, which emphasizes
the lack of documentation. We classify developers’ challenges into several
categories: Documentation-Related, Problems with Dependencies, Debugging,
Conceptual Understanding, and Implementation Issues. We further divided
these categories into 12 subcategories, nine sub-subcategories, and nine
sub-sub-subcategories. Our analysis shows that developers infrequently
identify the restriction type or protection level of permissions, and when
they do, their descriptions often contradict Google’s official documentation.
Our study indicates the need for clear, consistent documentation to guide
the use of permissions and reduce developer misunderstanding leading to
potential misuse of Android permission. These insights from this study can
inform strategies and guidelines for permission issues. Future studies should
explore the effectiveness of Stack Overflow solutions to form best practices
and develop tools to address these problems.