Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

10-2022

Abstract

It is the basic right of a user to know how the permissions are used within the Android app’s scope and to refuse the app if granted permissions are used for activities other than the specified use, which can amount to malicious behavior. This paper proposes an approach and a vision to automatically model the permissions necessary for Android apps from users’ perspective and enable fine-grained permission controls by users, thus helping users make better-informed and more flexible permission decisions for different app functionalities, which in turn improves the security and data privacy of the app and forces apps to reduce permission misuses. Our proposed approach works mainly in two stages. First, it looks for discrepancies between the permission uses perceivable by users and the permissions actually used by apps via program analysis techniques. Second, it runs prediction algorithms using machine learning techniques to catch the discrepancies in permission usage and thereby alert the user to take action on data violations. We have evaluated preliminary implementations of our approach and achieved promising fine-grained permission control accuracy. In addition to the benefits of users’ privacy protection, we envision that wider adoption of the approach may also enforce better privacy-aware design by responsible bodies such as app developers, governments, and enterprises.

Keywords

automated permission control, UI perception, Android application analysis, Android permissions, machine learning

Discipline

Information Security | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, Michigan, 2022 October 10-14

First Page

1

Last Page

6

ISBN

9781450394758

Identifier

10.1145/3551349.3559556

Publisher

ACM

City or Country

Ann Arbor, Michigan

Additional URL

https://doi.org/10.1145/3551349.3559556
