An Android Application Risk Evaluation Framework Based on Minimum Permission Set Identification

01/23/2020
by Jianmao Xiao, et al.

Android utilizes a security mechanism that requires apps to request permission for accessing sensitive user data, e.g., contacts and SMS messages, or certain system features, e.g., camera and Internet access. However, Android apps tend to be overprivileged, i.e., they often request more permissions than necessary. This raises the security problem of overprivilege. To alleviate the overprivilege problem, this paper proposes MPDroid, an approach that combines static analysis and collaborative filtering to identify the minimum permissions for an Android app based on its app description and API usage. Given an app, MPDroid first employs collaborative filtering to identify the initial minimum permissions for the app. Then, through static analysis, the final minimum permissions that the app really needs are identified. Finally, it evaluates the overprivilege risk by inspecting the app's extra privileges, i.e., the unnecessary permissions requested by the app. Experiments are conducted on 16,343 popular apps collected from Google Play. The results show that MPDroid outperforms the state-of-the-art approach significantly.


