What permissions should this android app request?

Lingfeng Bao, David Lo, Xin Xia, Shanping Li

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

8 Citations (Scopus)

Abstract

As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

Original languageEnglish
Title of host publicationProceedings - 2016 International Conference on Software Analysis, Testing and Evolution, SATE 2016
Subtitle of host publication3-4 November 2016, Kunming, Yunnan, China
EditorsXin Peng, He Jiang
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages36-41
Number of pages6
ISBN (Electronic)9781509045174
ISBN (Print)9781509045181
DOIs
Publication statusPublished - 2016
Externally publishedYes
EventInternational Conference on Software Analysis, Testing and Evolution 2016 - Kunming, Yunnan, China
Duration: 3 Nov 20164 Nov 2016
http://software.nju.edu.cn/ise/sate/en/index.html

Conference

ConferenceInternational Conference on Software Analysis, Testing and Evolution 2016
Abbreviated titleSATE 2016
CountryChina
CityKunming, Yunnan
Period3/11/164/11/16
Internet address

Keywords

  • Android
  • Association Rule
  • Collaborative Filtering
  • Permission Recommendation

Cite this