Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

4-2024

Abstract

Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.

Keywords

Security and privacy, Software security engineering

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

MOBILESoft '24: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, Lisbon Portugal, April 14-15

First Page

84

Last Page

87

ISBN

9798400705946

Identifier

10.1145/3647632.3651390

Publisher

ACM

City or Country

New York

Additional URL

https://doi.org/10.1145/3647632.3651390

Share

COinS