Understanding the Purpose of Permission Use in Mobile Apps
Haoyu Wang
Yuanchun Li
Yao Guo
ACM Trans. Inf. Syst.

Abstract

Mobile apps frequently request access to sensitive data, such as location and contacts. Understanding the purpose of why sensitive data is accessed could help improve privacy as well as enable new kinds of access control. In this article, we propose a text mining based method to infer the purpose of sensitive data access by Android apps. The key idea we propose is to extract multiple features from app code and then use those features to train a machine learning classifier for purpose inference. We present the design, implementation, and evaluation of two complementary approaches to infer the purpose of permission use, first using purely static analysis, and then using primarily dynamic analysis. We also discuss the pros and cons of both approaches and the trade-offs involved.

Bibtex

@article{Wang:2017:UPP:3112649.3086677,
    author = "Wang, Haoyu and Li, Yuanchun and Guo, Yao and Agarwal, Yuvraj and Hong, Jason I",
    pages = "43:1----43:40",
    journal = "ACM Trans. Inf. Syst.",
    title = "Understanding the Purpose of Permission Use in Mobile Apps",
    year = "2017",
    month = "07",
    volume = "35",
    doi = "10.1145/3086677"
}

Plain Text

Haoyu Wang, Yuanchun Li, Yao Guo, Yuvraj Agarwal, and Jason I Hong. Understanding the purpose of permission use in mobile apps. ACM Trans. Inf. Syst., 35:43:1—–43:40, 07 2017. doi:10.1145/3086677.