Mining android apps to recommend permissions

No Thumbnail Available
Authors
Karim, Md Yasser
Kagdi, Huzefa Hatimbhai
Di Penta, Massimiliano
Advisors
Issue Date
2016
Type
Conference paper
Keywords
App Developer , Android , Mining , Association Rule
Research Projects
Organizational Units
Journal Issue
Citation
M. Y. Karim, H. Kagdi and M. D. Penta, "Mining Android Apps to Recommend Permissions," 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), Suita, 2016, pp. 427-437
Abstract

Permission mechanisms play a crucial role for ensuring privacy and security of Android mobile applications (apps). An Android app that requires access to the device resources must be granted specific permissions for its correct operation. Oftentimes, the requested permissions depend on the APIs being used, e.g., a location-based service API may need a specific permission to access the device's GPS or an API supporting data persistence may need another permission to write to the device's external storage. App developers need to be aware of this API from/to permission traceability, which is not necessarily explicitly documented, for the proper functioning of the desired app feature. This paper presents an approach, named ApMiner, which relies on association rule discovery to identify co-occurrence patterns of Android APIs and permissions. Based on the usage of APIs and permissions in other apps published in a marketplace, the approach is able to learn and help a developer of a new app to recommend the permissions to be added given the APIs being used. ApMiner has been empirically evaluated on 600 apps from F-Droid, a marketplace for free and open source apps. We compared ApMiner with the state-of-the-art approaches Androguard and PScout, which rely on traditional static and dynamic analyses to recommend permissions. Results show that ApMiner has substantial precision gains (about 1.5 to 2 times) over the compared approaches, while keeping a similar and slightly better level of recall. Overall, our findings suggest that a mining based approach could offer much improved effectiveness in automatically recommending permissions in developing (new) Android apps.

Table of Contents
Description
Click on the DOI link to access the article (may not be free).
Publisher
IEEE
Journal
Book Title
Series
2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER);
PubMed ID
DOI
ISSN
EISSN