While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with end-users' perspectives. Our study aims to address these gaps using a mixed-methods approach. Through interviews with 19 app developers and a survey of 309 Android and iOS end-users, we found that both groups shared similar concerns about unnecessary permissions breaking trust, damaging the app's reputation, and potentially allowing access to sensitive data. We also found that developer participants sometimes requested multiple permissions due to confusion about the scope of certain permissions or third-party library requirements. Additionally, most end-user participants believed they were responsible for granting a permission request, and it was their choice to do so, a belief shared by many developer participants. Our findings have implications for improving the permission ecosystem for both developers and end-users.