What permissions should this Android app request?

Author

Lingfeng BAO, Zhejiang University
David LO, Singapore Management UniversityFollow
Xin XIA, Zhejiang University
Shanping LI, Zhejiang University

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

11-2016

Abstract

As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

Keywords

Android, Association Rule, Collaborative Filtering, Permission Recommendation

Discipline

Computer Sciences | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

SATE 2016: Proceedings of International Conference on Software Analysis, Testing and Evolution: Proceedings: Kunming, November 3-4, 2016

First Page

1

Last Page

6

ISBN

9781509045174

Identifier

10.1109/SATE.2016.13

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

BAO, Lingfeng; LO, David; XIA, Xin; and LI, Shanping. What permissions should this Android app request?. (2016). SATE 2016: Proceedings of International Conference on Software Analysis, Testing and Evolution: Proceedings: Kunming, November 3-4, 2016. 1-6.
Available at: https://ink.library.smu.edu.sg/sis_research/3560

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/SATE.2016.13