This publication describes techniques and apparatuses to limit access by a software application to sensitive user data (e.g., contacts, location, biometric data, photos). When a user installs or initially uses an application, the application may request permission to access user data, along with system resources (e.g., global positioning satellite (GPS) data) and particular hardware (e.g., microphones, cameras). Depending on the permission request, the user and the operating system (OS) may be unclear whether the data, resources, and/or hardware is needed by the application most of the time, some of the time, not needed at all, or whether the request is abusive. In some cases, the user is not able to provide partial access to the application. To protect the privacy of the user and minimize abuse, the OS utilizes a sensitive data sandbox to (a) evaluate access requests made by the application, (b) limit the frequency of requests, (c) limit the type and amount of user data and resources available within the sandbox, and (d) restrict the exporting of information from the sandbox.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Quong, Russell, "Limiting Application Access to Sensitive Data and Resources Through Use of a Sensitive Data Sandbox", Technical Disclosure Commons, (February 04, 2020)