What Permissions Should This Android App Request?

Lingfeng Bao, D. Lo, Xin Xia, Shanping Li
Published in: 2016 International Conference on Software Analysis, Testing and Evolution (SATE), 2016-11-01
DOI: 10.1109/SATE.2016.13 (https://doi.org/10.1109/SATE.2016.13)
Citations: 16

Abstract

As Android is one of the most popular open source mobile platforms, ensuring the security and privacy of Android applications is very important. Android provides a permission mechanism that requires developers to declare the sensitive resources their applications need, and users must agree to this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documentation explaining how to use permissions properly, misuse of even the most popular permissions has been reported. Recently, Karim et al. proposed an association rule mining based approach to better infer the permissions that an API needs. In this work, to improve on the effectiveness of that prior work, we propose an approach based on collaborative filtering, one of the popular techniques used to build recommendation systems. Our approach is based on the intuition that apps with similar features, inferred from the APIs they use, usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.
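The intuition in the abstract (apps that use similar APIs tend to need similar permissions) can be sketched as a neighbourhood-based recommender. This is an added example, not the authors' implementation: the Jaccard similarity, the neighbour count, the 0.5 audit threshold and the four-app corpus are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed corpus: app -> (APIs used, permissions declared). Illustrative, not the paper's data.
CORPUS = {
    "maps_a": ({"LocationManager.requestLocationUpdates", "HttpURLConnection.connect"},
               {"ACCESS_FINE_LOCATION", "INTERNET"}),
    "maps_b": ({"LocationManager.requestLocationUpdates",
                "LocationManager.getLastKnownLocation", "HttpURLConnection.connect"},
               {"ACCESS_FINE_LOCATION", "INTERNET"}),
    "camera_a": ({"Camera.open", "MediaRecorder.start"}, {"CAMERA", "RECORD_AUDIO"}),
    "chat_a": ({"HttpURLConnection.connect", "MediaRecorder.start"},
               {"INTERNET", "RECORD_AUDIO"}),
}


def jaccard(a, b):
    """API-set similarity (assumed measure; the abstract does not name one)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def recommend_permissions(apis, corpus=CORPUS, k_neighbors=3, top_k=3):
    """Rank permissions by similarity-weighted votes of the most similar apps."""
    sims = sorted(((jaccard(apis, used), name) for name, (used, _) in corpus.items()),
                  reverse=True)
    neighbors = [(s, n) for s, n in sims[:k_neighbors] if s > 0]
    total = sum(s for s, _ in neighbors)
    if total == 0:  # no app in the corpus shares any API: nothing to recommend
        return []
    scores = defaultdict(float)
    for sim, name in neighbors:
        for perm in corpus[name][1]:
            scores[perm] += sim / total
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:top_k]


def audit_manifest(apis, declared, threshold=0.5):
    """Flag gaps between declared permissions and confidently recommended ones."""
    ranked = recommend_permissions(apis, top_k=None)
    expected = {perm for perm, score in ranked if score >= threshold}
    return {"possibly_missing": sorted(expected - declared),
            "possibly_unneeded": sorted(declared - expected)}


if __name__ == "__main__":
    new_app = {"LocationManager.getLastKnownLocation", "HttpURLConnection.connect"}
    print(recommend_permissions(new_app))
    print(audit_manifest(new_app, {"INTERNET", "READ_CONTACTS"}))
```

Used as a least-privilege review aid, the `possibly_unneeded` list points at declared permissions that no similar app requests, and `possibly_missing` at permissions similar apps consistently declare.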