P. Chester, Chris Jones, Mohamed Wiem Mkaouer, Daniel E. Krutz
{"title":"M-Perm: A Lightweight Detector for Android Permission Gaps","authors":"P. Chester, Chris Jones, Mohamed Wiem Mkaouer, Daniel E. Krutz","doi":"10.1109/MOBILESoft.2017.23","DOIUrl":null,"url":null,"abstract":"Android apps operate under a permissions-based system where access to specific APIs are restricted through the use of permissions. Unfortunately, there is no built-in verification system to ensure that apps do not request too many or too few permissions, which could lead to serious quality and/or privacy concerns. Apps requesting too many permissions create unnecessary vulnerabilities, leaving the potential for abuse by SDKs within the app or other malicious apps installed on the device. In order to assist with the discovery of misused permissions, we created a new detection tool, M-Perm, which combines static and dynamic analysis in a computationally efficient manner compared to existing tools. M-Perm also identifies permission usage in apps including requested normal, dangerous, and 3rd party permissions. The tool, complete usage instructions, and screencast are available online: http://www.m-perm.com.","PeriodicalId":281934,"journal":{"name":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"85 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBILESoft.2017.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10
Abstract
Android apps operate under a permissions-based system where access to specific APIs are restricted through the use of permissions. Unfortunately, there is no built-in verification system to ensure that apps do not request too many or too few permissions, which could lead to serious quality and/or privacy concerns. Apps requesting too many permissions create unnecessary vulnerabilities, leaving the potential for abuse by SDKs within the app or other malicious apps installed on the device. In order to assist with the discovery of misused permissions, we created a new detection tool, M-Perm, which combines static and dynamic analysis in a computationally efficient manner compared to existing tools. M-Perm also identifies permission usage in apps including requested normal, dangerous, and 3rd party permissions. The tool, complete usage instructions, and screencast are available online: http://www.m-perm.com.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
