Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1109/sate.2016.13

2016-01-01

Abstract:As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1007/s11432-016-9072-3

2017-01-01

Abstract:The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-k results over the baseline approach.

Xiao Xuan,Ye Wang,Shanping Li

DOI: https://doi.org/10.1109/repa.2014.6894842

2014-01-01

Abstract:Nowadays mobile devices have rapidly developed. Privacy protection for mobile operating systems has become a hot topic in industry and research, which also brings new challenges. The scenarios in mobile operating systems are different from those in tradition systems. Users of mobile systems face more and more new risks in new scenarios. On the other hand, personal data is growing exponentially every day. It reminds us the importance of privacy protection is also increasing at the same time.In this paper, we study the privacy patterns for mobile operating systems. We elicit privacy-related requirements in three ways - knowledge from domain experts, literature review on public documents of existing mature systems and feedback from real users. Based on these requirements, we propose 7 privacy patterns which are presented with the RePa Requirements Pattern Template. All of these patterns were refined by professional business analysts which concrete the result of our work. We believe that our findings can help business analysts with the description for privacy requirements in future mobile operating system development projects.

Yu Fu,Hao Jiang,Dongliang Zhang,Xusheng Zhang

DOI: https://doi.org/10.1109/access.2019.2899671

IF: 3.9

2019-01-01

IEEE Access

Abstract:This paper presents a case study of end users and designers and how they perceive different mobile shopping app user interfaces (UIs). This paper aims to explore the UI preference differences between users and designers and elucidate specified UI attributes that are reflective of user preferences. This paper contains three procedures: 1) eliciting users' and designers' UI perceptual similarity by sorting to identify UI perceptual similarity space; 2) eliciting users' and designers' overall preferences by rating, which displays the preference dimensions; and 3) eliciting users' and designers' idiosyncratic perceptions by using the repertory grid technique (RGT), which indicates the UI perceptual differences between the users and the designers. The specified inter-group perceptual differences were detected by comparing RGT-elicited perceptions. The UI design features were explored, which influenced the designers' and users' subjective evaluations. The results showed four typical mobile shopping app UIs, and the distribution of ideal preference UIs for users and designers was evaluated. Through the experiments, rich qualitative insights were quantified, and valuable information from the participants was obtained. The specified design attributes of UI on the mobile shopping app, which improved user satisfaction, were found out. Moreover, those attributes will help designers know which important attributes should be noted.

Haoyu Wang,Yuanchun Li,Yao Guo,Yuvraj Agarwal,Jason Hong

DOI: https://doi.org/10.1145/3086677

2017-01-01

Abstract:Mobile apps frequently request access to sensitive data, such as location and contacts. Understanding the purpose of why sensitive data is accessed could help improve privacy as well as enable new kinds of access control. In this article, we propose a text mining based method to infer the purpose of sensitive data access by Android apps. The key idea we propose is to extract multiple features from app code and then use those features to train a machine learning classifier for purpose inference. We present the design, implementation, and evaluation of two complementary approaches to infer the purpose of permission use, first using purely static analysis, and then using primarily dynamic analysis. We also discuss the pros and cons of both approaches and the trade-offs involved.

Mike Grace,Yajin Zhou,Zhi Wang,Xuxian Jiang

2011-01-01

Abstract:Recent years have witnessed increased popularity and adoption of smartphones partially due to the functionalities and convenience offered to their users (e.g., the ability to run third-party applications). To manage the amount of access given to smartphone applications, Android provides a permission-based security model, which requires each application to explicitly request permissions before it can be installed to run. In this paper, we systematically analyze eight flagship Android smartphones from leading manufacturers, including HTC, Motorola, and Samsung and found out that the stock phone images do not properly enforce the permission model. Several privileged permissions that protect the access to sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not need to request them for the actual use, a security violation termed capability leak in this paper. To facilitate identifying these capability leaks, we take a static analysis approach and have accordingly developed a system called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting these leaked capabilities, an untrusted application can manage to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations on the affected phones – all without the need of asking for any permission.

Yiting Qu,Suguo Du,Shaofeng Li,Yan Meng,Le Zhang,Haojin Zhu

DOI: https://doi.org/10.1109/jiot.2020.3039472

IF: 10.6

2021-05-01

IEEE Internet of Things Journal

Abstract:Mobile applications play a crucial role in the IoT system, which is experiencing unprecedented growth. However, users possessing little knowledge of permission configurations often accept app permission requests without reading them, which opens a backdoor for the potential adversaries to launch the future attacks. Proposing an automatic permission management scheme is an attractive solution to solve this issue, but since users have varying attitudes toward privacy, such a scheme would be neither straightforward nor user friendly. In this study, an automatic permission optimization framework, Permizer, is proposed to recommend different app permission configurations to users with different privacy preferences. Permizer estimates the permission risks and builds the permission-functionality mapping to each app, then regulates the relationship between permission and app functionality. Permizer is the first module to achieve a balance between privacy protection and app functionality under the personal privacy preference condition. Finally, we develop Permizer as a one-button service on the real-world Android OS with 58 apps. Case studies conducted on TikTok and Amazon Alexa also demonstrate its practicability and effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Zhou,Haoyu Wang,Shuohan Wu,Xiapu Luo,Yajin Zhou,Ting Chen,Ting Wang

DOI: https://doi.org/10.1109/ase51524.2021.9678843

2021-01-01

Abstract:The Android research community has long focused on building the permission specification for Android framework APIs, which can be referenced by app developers to request the necessary permissions for their apps. However, existing studies just analyze the permission specification for Java framework APIs in Android SDK, whereas the permission specification for native framework APIs in Android NDK remains intact. Since more and more apps implement their functionalities using native framework APIs, and the permission specification for these APIs is poorly documented, the permission specification analysis for Android NDK is in urgent need. To fill in the gap, in this paper, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of Android framework and Android kernel to correlate native framework APIs with their required permissions. Applying PSGen to 3 Android systems, including Android 9.0, 10.0, and 11.0, we find that PSGen can precisely build the permission specification. With the help of PSGen, we discover more than 200 native framework APIs that are correlated with at least one permission.

Jiaojiao Fu,Yangfan Zhou,Xin Wang

DOI: https://doi.org/10.1002/spe.2734

2019-01-01

Abstract:SummaryMost Android applications include third‐party libraries (3PLs) to make revenues, to facilitate their development, and to track user behaviors. 3PLs generally require specific permissions to realize their functionalities. Current Android systems manage permissions in app (process) granularity. As a result, the permission sets of apps with 3PLs (3PL‐apps) may be augmented, introducing overprivilege risks. In this paper, we firstly study how severe the problem is by analyzing the permission sets of 27 718 real‐world Android apps with and without 3PLs downloaded in both 2016 and 2017. We find that the usage of 3PLs and the permissions required by 3PL‐apps have increased over time. As a result, the possibility of overprivilege risks increases. We then propose Perman, a fine‐grained permission management mechanism for Android. Perman isolates the permissions of the host app and those of the 3PLs through dynamic code instrumentation. It allows users to manage permission requests of different modules of 3PL‐apps during app runtime. Unlike existing tools, Perman does not need to redesign Android apps and systems. Therefore, it can be applied to millions of existing apps and various Android devices. We conduct experiments to evaluate the effectiveness and efficiency of Perman. The experimental results verify that Perman is capable of managing permission requests of the host app and those of the 3PLs. We also confirm that the overhead introduced by Perman is comparable to that by existing commercial permission management tools.

Yuan Zhang,Min Yang,Guofei Gu,Hao Chen

DOI: https://doi.org/10.1109/TIFS.2016.2581304

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed mal...

Xueqing Liu,Yue Leng,Wei Yang,Chengxiang Zhai,Tao Xie

DOI: https://doi.org/10.1109/re.2018.00024

2018-01-01

Abstract:During the development or maintenance of an Android app, the app developer needs to determine the app's security and privacy requirements such as permission requirements. Permission requirements include two folds. First, what permissions (i.e., access to sensitive resources, e.g., location or contact list) the app needs to request. Second, how to explain the reason of permission usages to users. In this paper, we focus on the multiple challenges that developers face when creating permission-usage explanations. We propose a novel framework, CLAP, that mines potential explanations from the descriptions of similar apps. CLAP leverages information retrieval and text summarization techniques to find frequent permission usages. We evaluate CLAP on a large dataset containing 1.4 million Android apps. The evaluation results outperform existing state-of-the-art approaches, showing great promise of CLAP as a tool for assisting developers and permission requirements discovery.

Hao Wu,Zheng Qin,Xuejin Tian,Edward Sun,Fengyuan Xu,Sheng Zhong

DOI: https://doi.org/10.1109/dsc47296.2019.8937600

2019-01-01

Abstract:Android, which accounts for 76.08% of the market(1), is the most popular and widely used mobile system today. Users install various applications from different sources and for different functionalities to get all sorts of services. Since smartphones carry a large amount of private user information, their security has been widely concerned in recent years. Android uses permissions to restrict the behaviors of applications and protect system resources and user privacy, such as location, password, and contact list carried on mobile devices. The research community has previously explored a variety of methods to enhance the permission system with the help of the system context and application program. However, such methods cannot address the permission violation issues raised by resources sharing, e.g., screen sharing and clipboard sharing, which are designed for more convenient human-computer interactions. In this work, we perform several proof-of-concept attacks on resources sharing to illustrate the deficiencies in the permission control system. We believe that the cause of these issues is that the permission control system does not fully understand the user's intentions. Then, we propose a non-intrusive user-action based permission control system, which can achieve more precise permission control by mining the user's intentions when operating the device.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hongqi He,Shuiqiao Yang

DOI: https://doi.org/10.1109/cit.2016.14

2016-01-01

Abstract:As the number of smart devices continues to grow dramatically, programmes and data handled by such smart devices have become the primary targets of hackers and malwares. ARM-Android is the most widespread platform for smart devices. Access to privacy-and security-relevant parts of the API is controlled by the corresponding permission in a manifest. However, while requesting access to permissions, these applications may offer opportunities to malicious codes to gain access to other inaccessible resources which will cause a series of security issues. Recently, many researchers focus on the permission-based mechanism which restricts accesses of users and applications to critical resources on an ARM-Android device. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our permission-based security architecture on ARM-Android platform. We propose an usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension. In contrast to previous work, the proposed security architecture provides a flexible mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness in mitigating permission leakage vulnerabilities.

Shaokun Zhang,Hanwen Lei,Yuanpeng Wang,Ding Li,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1109/issre59848.2023.00057

2023-01-01

Abstract:Assessing description-to-permission fidelity is critical for safeguarding personal data accessed through sensitive APIs in Android apps. However, it remains a challenge for existing methods, both static and dynamic. Static methods are either infeasible due to various dynamic features (e.g., code obfuscation, dynamic class loading, and reflection) or too coarse-grained to understand how sensitive APIs collect privacy data under runtime contexts. Existing dynamic methods lack contextual understanding regarding sensitive API calls. For example, they fail to understand which GUI widgets are more likely to trigger sensitive APIs and ignore the preceding UI contexts that could reveal the intention of API calls when analyzing their fidelity.In this paper, we propose an API-driven automated dynamic analysis tool called APIMind for assessing runtime description-to-permission fidelity in Android apps. APIMind can discover sensitive APIs more effectively by utilizing multimodal features to jointly infer the semantics of GUI widgets and leveraging deep networks to automatically learn their relationship based on multifaceted rewards. Then, it could accurately assess description-to-permission fidelity by developing an extended tool that considers dual UI contexts (i.e., preceding and current contexts). We evaluate the accuracy and efficiency of APIMind using 121 real-world apps. Experimental results demonstrate that APIMind can achieve a detection accuracy of 96.1%. Compared to the competitive baseline, APIMind increases efficiency by 43%. In addition, based on our proposed tool, we conduct a large-scale case study of 1013 real Android apps, which reveals the prevalence of several typical inconsistencies and demonstrates the effectiveness of our approach in the wild.

LU Wenxiong,WANG Haoyu

DOI: https://doi.org/10.11959/j.issn.2096-0271.2020003

IF: 3.3

2020-01-01

Big Data Research

Abstract:Mobile systems,such as Android,use permission-based access control mechanism,which is at the granularity of each application.Apart from the code from developers themselves,applications also contain code from third-party libraries,which has led to serious overuse of application permissions.A novel origin-based (similar to browsers) and fine-grained control mechanism was introduced,which broke the boundary between applications in terms of access control and finegrained the granularity to the level of code source.The mechanism was implemented onto Android framework,and a set of tools to modify applications were also offered.Experiment results suggest that system can allow (or limit) certain developers to execute certain sensitive behaviors.

Zhongxin Liu,Xin Xia,David Lo,John Grundy

DOI: https://doi.org/10.1007/s10515-019-00254-6

IF: 1.677

2019-01-01

Automated Software Engineering

Abstract:To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users' private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRecCFcorrelation, APRecTEXT and Axplorer.

Anna Barzolevskaia,Enrico Branca,Natalia Stakhanova

DOI: https://doi.org/10.1109/tse.2024.3362921

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Within the Android mobile operating system, Android permissions act as a system of safeguards designed to restrict access to potentially sensitive data and privileged components. Multiple research studies indicate flaws and limitations of the Android permission system, prompting Google to implement a more regulated and fine-grained permission model. This newly-introduced complexity creates confusion for developers leading to incorrect permissions and a significant risk to users security and privacy. We present a systematic study of theoretical and practical misuse of permissions. For this analysis we derive the unified permissions and call mappings that represent theoretical requirements of permissions and calls. We develop PChecker, an approach that identifies the discrepancies between the official Android permissions documentation and permission implementation in the Android platform source code based on these mappings. We evaluate four versions of the Android Open Source Project code (major versions 10–13) and shed light on the prevalence of discrepancies between the official Android guidelines for permissions and their implementation in the Android platform source code. We further show that these discrepancies result in miscompliance in third-party Android apps.

engineering, electrical & electronic,computer science, software engineering

Jiaojiao Fu,Yangfan Zhou,Huan Liu,Yu Kang,Xin Wang

DOI: https://doi.org/10.1109/ISSRE.2017.38

2017-01-01

Abstract:Third-party libraries (3PLs) are widely introduced into Android apps and they typically request permissions for their own functionalities. Current Android systems manage permissions in process (app) granularity. Hence, the host app and the 3PLs share the same permission set. 3PL-apps may therefore introduce security risks. Separating the permission sets of the 3PLs and those of the host app are critical to alleviate such security risks. In this paper, we provide Perman, a tool that allows users to manage permissions of different modules (i.e., a 3PL or the host app) of an app at runtime. Perman relies on dynamic code instrumentation to intercept permission requests, and accordingly provide a policy-based permission control. Unlike existing tools that generally require to redesign 3PL-apps, it can thus be applied to the existing apps in market. We evaluate Perman on real-world apps. The experiment results verify its effectiveness in fine-grained permission management.

Run Wang,Zhibo Wang,Benxiao Tang,Lei Zhao,Lina Wang

DOI: https://doi.org/10.1109/tmc.2019.2934441

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:With the unprecedented convenience brought by Apps on mobile devices, we are facing severe security attacks and privacy leakage caused by them since they may stealthily access unclaimed or unneeded permissions for some purposes. Many works strive to discover these malicious apps using program analysis techniques, however, they fail to tell users why an app needs to request the permission from users' perspective. In this paper, we leverage the power of the crowdsourced user reviews to understand why an app requests a permission. We propose a framework, called SmartPI, that automatically identifies functionality-relevant user reviews and infers the permission implication of them, bridging the gap between the functionalities and the actual behaviors of an app. In particular, we extract features from the platform documents to identify functionality-relevant user reviews from noisy crowdsourced user reviews with Natural Language Processing (NLP) techniques. The topic model is further adopted to infer the permission implications of apps from the functionality-relevant user reviews. More than 20,000 apps, 2,653,159 users, and 4,247,769 user reviews are crawled from Google Play as a real-world dataset to evaluate the performance of SmartPI. The experiments results show that the permission usage of apps can be better reflected by user reviews than the claimed descriptions of apps.

Jiao Zhu,Hongwei Li,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2014.10.007

2014-01-01

Abstract:Android system is one of the most popular intelligent terminal operating systems in the world.With users number growing quickly,its market sharing expands rapidly as well,and a great deal of Android applications is available.In response to malicious software in Android applications market and safeguarding the system security of users’mobile phones,Android system uses the permission-based security mechanism and demands its applications declaring the system permissions used in advance.In this paper,we explore and study the relationship between the applications function and the system permissions of Android.After gathering massive amount of data from internet in regard to Android applications market,we analyse the semantic relationship between the function description of Android applications and the permission declared by current Android system using the technologies of information retrieval and semantic analysis,and finally get a relationship model.This model can be used for future studying the rationality and security of the permission declaration in Android applications,and provides the application market and Android users with supports for application credibility assessment.