Top

Published in:

2020 | OriginalPaper | Chapter

MAPPER: Mapping Application Description to Permissions

Authors : Rajendra Kumar Solanki, Vijay Laxmi, Manoj Singh Gaur

Published in: Risks and Security of Internet and Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Android operating system has seen phenomenal growth, and Android Applications (Apps) have proliferated into mainstream usage across the globe. Are users informed by the developers about everything an App does when they consent to install an App from Google’s Play Store? In this paper, we propose a technique called MAPPER which aggregates the App permissions with the textual description for more precise App permissions enumeration. We focus on whether the application description fully describes permissions an App will ask and whether the user is made aware of those possible capabilities to take informed decision to install or not to install the App. We investigate permissions inferred from application descriptions and permissions declared in the Android manifest files of 1100+ Android applications. MAPPER prototype finds a large number of Apps live on Google’s Play Store which do not inform users about permissions, more than three-fourths of them are over-privileged from this perspective, and their application descriptions need revision. Our work can be used by App developers also to educate users in a better way.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Inference Control in Distributed Environment: A Comparison Study

next chapter Delegation of Computation Using FV Cryptosystem

Usage of Apps. https://mindsea.com/app-stats/. Accessed 01 May 2019

Android Open Source Project. https://source.android.com

Number of Android Apps. https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/. Accessed 01 May 2019

Gartner Report (2018). https://www.gartner.com/newsroom/id/3859963

Project Strobe by Google. https://www.blog.google/technology/safety-security/project-strobe/. Accessed 01 May 2019

Facebook-Cambridge Analytica Data Scandal. https://en.wikipedia.org/wiki/Face book%E2%80%93Cambridge_Analytica_data_scandal. Accessed 01 May 2019

Organizations updating Privacy Policy. https://www.popsci.com/gdpr-privacy-policy-update-notices. Accessed 01 May 2019

GDPR. https://eugdpr.org/

Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, Illinois, USA, pp. 627–638 (2011)

10.

Vidas, T., Christin, N., Cranor, L.F.: Curbing Android permission creep. In: W2SP 2011, CMU, USA (2011)

11.

Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the Android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, North Carolina, USA, pp. 217–228 (2012)

12.

Pandita, R., Xiao, X., Yang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: Proceedings of 22nd USENIX Security Symposium, pp. 527–542 (2013)

13.

Gorla, A., Tavecchia, I., Gross, F., Zeller, A.: Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering (ICSE 2014), Hyderabad, India, pp. 1025–1035 (2014)

14.

Geneiatakis, D., Fovino, I.N., Kounelis, I., Stirparo, P.: A permission verification approach for Android mobile applications. Comput. Secur. 49, 192–205 (2014)

15.

Wei, M., Gong, X., Wang, W.: Claim what you need: a text-mining approach on Android permission request authorization. In: 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA (2015)

16.

Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions re-mystified: a field study on contextual integrity. In: Proceedings of the 24th USENIX Security Symposium, pp. 499–514 (2015)

17.

Gerber, P., Volkamer, M., Renaud, K.: The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions. J. Inf. Secur. Appl. 34(Part 1), 8–26 (2017)

18.

Chrome Driver. http://chromedriver.chromium.org/

19.

Manifest Permissions. https://developer.android.com/reference/android/Manifest.permission.html. Accessed 30 Apr 2019

20.

Permission Groups. https://developer.android.com/reference/android/Manifest.permission_group. Accessed 30 Apr 2019

21.

Protection Levels. https://developer.android.com/guide/topics/manifest/permission-element.html. Accessed 30 Apr 2019

22.

Requesting Permissions. https://developer.android.com/training/permissions/requesting. Accessed 30 Apr 2019

23.

AOSP source for Manifest XML. https://github.com/aosp-mirror/platform_frameworks_base/blob/master/core/res/AndroidManifest.xml

24.

Spacy. https://spacy.io/usage/linguistic-features

25.

NLTK. https://www.nltk.org/

26.

APK Pure Archive. https://apkpure.com

27.

APK Tool for reverse engineering APK files. https://ibotpeaches.github.io/Apktool

28.

Android Asset Packaging Tool (AAPT). https://elinux.org/Android_aapt

29.

Precision and Recall. https://en.wikipedia.org/wiki/Precision_and_recall

30.

AndroGuard. https://github.com/androguard

31.

Google Play Store. https://play.google.com/store

32.

Android Essentials Toolbox from EnSoft. https://github.com/EnSoftCorp/android-essentials-toolbox

33.

Stanford typed dependency. https://nlp.stanford.edu/software/stanford-dependencies.html. Accessed 18 May 2019

34.

de Marneffe, M.-C., Manning, C.D.: The Stanford typed dependencies representation. In: Proceedings of the Workshop in COLING 2008, pp. 1–8 (2008)

35.

Android API 23 changes. https://developer.android.com/sdk/api_diff/23/changes/android.Manifest.permission.html. Accessed 01 May 2019

Title: MAPPER: Mapping Application Description to Permissions
Authors: Rajendra Kumar Solanki
Vijay Laxmi
Manoj Singh Gaur
Publisher: Springer International Publishing
Book: Risks and Security of Internet and Systems
Print ISBN: 978-3-030-41567-9

Electronic ISBN: 978-3-030-41568-6

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-41568-6_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner