PhoneWrap - Injecting the "How Often" into Mobile Apps

Daniel Franzen, David Aspinall
2016 Engineering Secure Software and Systems  
Mobile apps have access to a variety of sensitive resources and data. Current permission-based policies guarding these resources are not expressive enough to distinguish the wanted functionality from malicious attacks. We present the tool PhoneWrap, which inserts fine-grained ticket-based policies into mobile JavaScript apps written with the PhoneGap framework. Our policies grant a bounded number of accesses for each functionality based on the user's interaction with the app. The policies are enforced without modification of the execution environment. We have applied PhoneWrap successfully to hand-crafted examples and real-world Android apps to show that accurate policies can be retrofitted.

Introduction

Modern mobile devices have access to private data, sensors and services. Mobile operating systems like Android and iOS govern access with permissions that are either fully granted ahead of time, or can be switched on or off during use in limited ways. Neither mechanism allows precise fine-grained control on how often or in which context a granted resource may be used. But when users notice resources being overused in the wrong context, they react. A user of a permission usage monitoring app complained: "Why would WhatsApp access my contacts over 7000 times [...]. It
dblp:conf/essos/Franzen016 fatcat:7yohilzl7fgmjmq3nklhoqjosy