Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
4-2024
Abstract
Android apps typically include many functionalities that not all users require. These result in software bloat that increases the possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due to the long time that may be needed to construct a call graph for analysis. In this work, we propose MiniAppPerm, which speeds up permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.
Keywords
Security and privacy, Software security engineering
Discipline
Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
MOBILESoft '24: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, Lisbon Portugal, April 14-15
First Page
84
Last Page
87
ISBN
9798400705946
Identifier
10.1145/3647632.3651390
Publisher
ACM
City or Country
New York
Citation
Ferdian, Thung; LIU, Jiakun; RATTANUKUL, Pattarakrit; MAOZ, Shahar; TOCH, Eran; GAO, Debin; and LO, David.
Towards speedy permission-based debloating for Android apps. (2024). MOBILESoft '24: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, Lisbon Portugal, April 14-15. 84-87.
Available at: https://ink.library.smu.edu.sg/sis_research/9259
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3647632.3651390