Automatic, highly accurate app permission recommendation

Author

Zhongxin LIU
Xin XIA
David LO, Singapore Management UniversityFollow
John GRUNDY

Publication Type

Journal Article

Version

publishedVersion

Publication Date

3-2019

Abstract

To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRecCFcorrelation, APRec TEXT and Axplorer.

Keywords

Android security model, Collaborative filtering, Content-based recommendation, Permission recommendation

Discipline

Software Engineering | Systems Architecture

Research Areas

Data Science and Engineering

Publication

Automated Software Engineering

First Page

1

Last Page

34

ISSN

0928-8910

Identifier

10.1007/s10515-019-00254-6

Publisher

Springer (part of Springer Nature): Springer Open Choice Hybrid Journals

Citation

LIU, Zhongxin; XIA, Xin; LO, David; and GRUNDY, John. Automatic, highly accurate app permission recommendation. (2019). Automated Software Engineering. 1-34.
Available at: https://ink.library.smu.edu.sg/sis_research/4366

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/s10515-019-00254-6