Towards speedy permission-based debloating for Android apps
Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these p...
Saved in:
Main Authors: | , , , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2024
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/9259 https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-10259 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-102592024-09-02T06:35:04Z Towards speedy permission-based debloating for Android apps Ferdian, Thung LIU, Jiakun RATTANUKUL, Pattarakrit MAOZ, Shahar TOCH, Eran GAO, Debin LO, David Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes. 2024-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9259 info:doi/10.1145/3647632.3651390 https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Security and privacy Software security engineering Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Security and privacy Software security engineering Software Engineering |
spellingShingle |
Security and privacy Software security engineering Software Engineering Ferdian, Thung LIU, Jiakun RATTANUKUL, Pattarakrit MAOZ, Shahar TOCH, Eran GAO, Debin LO, David Towards speedy permission-based debloating for Android apps |
description |
Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes. |
format |
text |
author |
Ferdian, Thung LIU, Jiakun RATTANUKUL, Pattarakrit MAOZ, Shahar TOCH, Eran GAO, Debin LO, David |
author_facet |
Ferdian, Thung LIU, Jiakun RATTANUKUL, Pattarakrit MAOZ, Shahar TOCH, Eran GAO, Debin LO, David |
author_sort |
Ferdian, Thung |
title |
Towards speedy permission-based debloating for Android apps |
title_short |
Towards speedy permission-based debloating for Android apps |
title_full |
Towards speedy permission-based debloating for Android apps |
title_fullStr |
Towards speedy permission-based debloating for Android apps |
title_full_unstemmed |
Towards speedy permission-based debloating for Android apps |
title_sort |
towards speedy permission-based debloating for android apps |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2024 |
url |
https://ink.library.smu.edu.sg/sis_research/9259 https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf |
_version_ |
1814047847143702528 |