Automatic, highly accurate app permission recommendation

Zhongxin Liu, Xin Xia, David Lo, John Grundy

Research output: Contribution to journal › Article › Research › peer-review

Abstract

To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRecCFcorrelation, APRec TEXT and Axplorer.

Original language: English
Pages (from-to): 241-274
Number of pages: 34
Journal: Automated Software Engineering
Volume: 26
Issue number: 2
DOI: 10.1007/s10515-019-00254-6
Publication status: Published - Jun 2019

Keywords

  • Android security model
  • Collaborative filtering
  • Content-based recommendation
  • Permission recommendation

Cite this

@article{70d6f47c65cf4354b90a3a40a9fd63e9,
title = "Automatic, highly accurate app permission recommendation",
abstract = "To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRecCFcorrelation, APRec TEXT and Axplorer.",
keywords = "Android security model, Collaborative filtering, Content-based recommendation, Permission recommendation",
author = "Zhongxin Liu and Xin Xia and David Lo and John Grundy",
year = "2019",
month = "6",
doi = "10.1007/s10515-019-00254-6",
language = "English",
volume = "26",
pages = "241--274",
journal = "Automated Software Engineering",
issn = "0928-8910",
publisher = "Springer-Verlag London Ltd.",
number = "2",

}

Automatic, highly accurate app permission recommendation. / Liu, Zhongxin; Xia, Xin; Lo, David; Grundy, John.

In: Automated Software Engineering, Vol. 26, No. 2, 06.2019, p. 241-274.


TY - JOUR

T1 - Automatic, highly accurate app permission recommendation

AU - Liu, Zhongxin

AU - Xia, Xin

AU - Lo, David

AU - Grundy, John

PY - 2019/6

Y1 - 2019/6

N2 - To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRecCFcorrelation, APRec TEXT and Axplorer.

KW - Android security model

KW - Collaborative filtering

KW - Content-based recommendation

KW - Permission recommendation

UR - http://www.scopus.com/inward/record.url?scp=85063231677&partnerID=8YFLogxK

U2 - 10.1007/s10515-019-00254-6

DO - 10.1007/s10515-019-00254-6

M3 - Article

VL - 26

SP - 241

EP - 274

JO - Automated Software Engineering

JF - Automated Software Engineering

SN - 0928-8910

IS - 2

ER -