Automated Android application permission recommendation

Author

Lingfeng BAO, Zhejiang University
David LO, Singapore Management UniversityFollow
Xin XIA, Zhejiang University
Shanping LI, Zhejiang University

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

9-2017

Abstract

The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-kresults over the baseline approach.

Keywords

Android, permission recommendation, association rule, collaborative filtering, text mining

Discipline

OS and Networks | Programming Languages and Compilers | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Science China Information Sciences

Volume

60

Issue

1

First Page

1

Last Page

17

ISSN

1674-733X

Identifier

10.1007/s11432-016-9072-3

Publisher

Springer Verlag (Germany)

Citation

BAO, Lingfeng; LO, David; XIA, Xin; and LI, Shanping. Automated Android application permission recommendation. (2017). Science China Information Sciences. 60, (1), 1-17.
Available at: https://ink.library.smu.edu.sg/sis_research/3679

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/s11432-016-9072-3