Towards speedy permission-based debloating for Android apps

Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these p...

Full description

Saved in:
Bibliographic Details
Main Authors: Ferdian, Thung, LIU, Jiakun, RATTANUKUL, Pattarakrit, MAOZ, Shahar, TOCH, Eran, GAO, Debin, LO, David
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/9259
https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-10259
record_format dspace
spelling sg-smu-ink.sis_research-102592024-09-02T06:35:04Z Towards speedy permission-based debloating for Android apps Ferdian, Thung LIU, Jiakun RATTANUKUL, Pattarakrit MAOZ, Shahar TOCH, Eran GAO, Debin LO, David Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes. 2024-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9259 info:doi/10.1145/3647632.3651390 https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Security and privacy Software security engineering Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Security and privacy
Software security engineering
Software Engineering
spellingShingle Security and privacy
Software security engineering
Software Engineering
Ferdian, Thung
LIU, Jiakun
RATTANUKUL, Pattarakrit
MAOZ, Shahar
TOCH, Eran
GAO, Debin
LO, David
Towards speedy permission-based debloating for Android apps
description Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.
format text
author Ferdian, Thung
LIU, Jiakun
RATTANUKUL, Pattarakrit
MAOZ, Shahar
TOCH, Eran
GAO, Debin
LO, David
author_facet Ferdian, Thung
LIU, Jiakun
RATTANUKUL, Pattarakrit
MAOZ, Shahar
TOCH, Eran
GAO, Debin
LO, David
author_sort Ferdian, Thung
title Towards speedy permission-based debloating for Android apps
title_short Towards speedy permission-based debloating for Android apps
title_full Towards speedy permission-based debloating for Android apps
title_fullStr Towards speedy permission-based debloating for Android apps
title_full_unstemmed Towards speedy permission-based debloating for Android apps
title_sort towards speedy permission-based debloating for android apps
publisher Institutional Knowledge at Singapore Management University
publishDate 2024
url https://ink.library.smu.edu.sg/sis_research/9259
https://ink.library.smu.edu.sg/context/sis_research/article/10259/viewcontent/3647632.3651390.pdf
_version_ 1814047847143702528