Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

10-2015

Abstract

To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and deviate significantly from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps.

Keywords

Android, Natural language generation, Program analysis, Subgraph mining, Textual description

Discipline

Information Security

Research Areas

Cybersecurity; Information Systems and Management

Publication

Proceedings of the 22nd ACM Conference on Computer and Communications Security, Colorado, USA, 2015 October 12-16

Volume

2015

First Page

518

Last Page

529

Identifier

10.1145/2810103.2813669

Publisher

ACM

City or Country

New York

Copyright Owner and License

Authors

Additional URL

http://doi.org/10.1145/2810103.2813669
