Abstract

The present disclosure provides a method for frictionless signature-based high-risk permissions management on computing devices. The method includes an onboarding process in which the OS or MDM vendor admits new software vendors, verifying each vendor's legitimacy and the necessity of its access to sensitive resources. During onboarding, the OS or MDM vendor generates an "upload key," securely provided to the software vendor, and an "app signing key," securely retained within the vendor's Key Management System (KMS). Further, the method includes releasing or publishing applications to a digital distribution service managed by the OS or MDM vendor: software vendors declare the necessary permissions and sign applications with the "upload key" before uploading them to the distribution service. The OS or MDM vendor validates the application, ensuring vendor correspondence, adherence to platform-specific signature rules, and pre-clearance for resource access. Upon successful verification, the application is signed with permission-specific certificates and the "app signing key," preparing it for distribution. Furthermore, the method includes downloading and installing applications on end-point computing devices, which encompasses the OS verification process. If verification is successful, the application is installed with "normal" or "low-risk" permissions without user consent. Moreover, for each requested sensitive resource and feature access, the application is verified with the corresponding "permission" key, granting "dangerous" or "high-risk" permissions seamlessly.
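The publish-time and install-time checks described in the abstract, as an added sketch that is not code from the disclosure. Go's `crypto/ed25519` stands in for the unspecified signature scheme, and every type, function, vendor and permission name is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Store models the OS/MDM vendor's distribution service (all names are hypothetical).
type Store struct {
	UploadPubs map[string]ed25519.PublicKey  // vendor -> upload key issued at onboarding
	Cleared    map[string]map[string]bool    // vendor -> pre-cleared high-risk permissions
	AppKey     ed25519.PrivateKey            // app signing key, retained in the KMS
	PermKeys   map[string]ed25519.PrivateKey // one signing key per high-risk permission
}
// Release is the re-signed package the store distributes.
type Release struct {
	App, AppSig []byte
	PermSigs    map[string][]byte // permission -> signature made with that permission's key
}

// Publish checks the upload signature and pre-clearance, then signs for distribution.
func (s *Store) Publish(vendor string, app, uploadSig []byte, perms []string) (*Release, error) {
	if pub, ok := s.UploadPubs[vendor]; !ok || !ed25519.Verify(pub, app, uploadSig) {
		return nil, fmt.Errorf("upload signature does not match onboarded vendor %q", vendor)
	}
	r := &Release{App: app, AppSig: ed25519.Sign(s.AppKey, app), PermSigs: map[string][]byte{}}
	for _, p := range perms {
		if s.PermKeys[p] == nil || !s.Cleared[vendor][p] {
			return nil, fmt.Errorf("vendor %q is not pre-cleared for %s", vendor, p)
		}
		r.PermSigs[p] = ed25519.Sign(s.PermKeys[p], app)
	}
	return r, nil
}
// Install is the device side: the app signature gates installation, each permission signature gates one grant.
func Install(r *Release, appPub ed25519.PublicKey, permPubs map[string]ed25519.PublicKey, want []string) (granted []string, err error) {
	if !ed25519.Verify(appPub, r.App, r.AppSig) {
		return nil, fmt.Errorf("app signature invalid, refusing install")
	}
	for _, p := range want {
		if pub, ok := permPubs[p]; ok && ed25519.Verify(pub, r.App, r.PermSigs[p]) {
			granted = append(granted, p)
		}
	}
	return granted, nil
}
func main() {
	_, err := (&Store{}).Publish("example-vendor", []byte("app"), nil, nil)
	fmt.Println(err)
}
```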

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
