Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps
It is the basic right of a user to know how the permissions are used within the Android app’s scope and to refuse the app if granted permissions are used for the activities other than specified use which can amount to malicious behavior. This paper proposes an approach and a vision to automatically...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7777 https://ink.library.smu.edu.sg/context/sis_research/article/8780/viewcontent/ase22nier.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8780 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-87802023-04-04T03:24:23Z Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps MALVIYA, Vikas Kumar LEOW, Chee Wei ASHOK KASTHURI, YAN, Naing Tun SHAR, Lwin Khin JIANG, Lingxiao It is the basic right of a user to know how the permissions are used within the Android app’s scope and to refuse the app if granted permissions are used for the activities other than specified use which can amount to malicious behavior. This paper proposes an approach and a vision to automatically model the permissions necessary for Android apps from users’ perspective and enable fine-grained permission controls by users, thus facilitating users in making more well-informed and flexible permission decisions for different app functionalities, which in turn improve the security and data privacy of the App and enforce apps to reduce permission misuses. Our proposed approach works in mainly two stages. First, it looks for discrepancies between the permission uses perceivable by users and the permissions actually used by apps via program analysis techniques. Second, it runs prediction algorithms using machine learning techniques to catch the discrepancies in permission usage and thereby alert the user for action about data violation. We have evaluated preliminary implementations of our approach and achieved promising fine-grained permission control accuracy. In addition to the benefits of users’ privacy protection, we envision that wider adoption of the approach may also enforce better privacy-aware design by responsible bodies such as app developers, governments, and enterprises. 2022-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7777 info:doi/10.1145/3551349.3559556 https://ink.library.smu.edu.sg/context/sis_research/article/8780/viewcontent/ase22nier.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University automated permission control UI perception Android application analysis Android permissions machine learning Information Security Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
automated permission control UI perception Android application analysis Android permissions machine learning Information Security Software Engineering |
| spellingShingle |
automated permission control UI perception Android application analysis Android permissions machine learning Information Security Software Engineering MALVIYA, Vikas Kumar LEOW, Chee Wei ASHOK KASTHURI, YAN, Naing Tun SHAR, Lwin Khin JIANG, Lingxiao Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| description |
It is the basic right of a user to know how the permissions are used within the Android app’s scope and to refuse the app if granted permissions are used for the activities other than specified use which can amount to malicious behavior. This paper proposes an approach and a vision to automatically model the permissions necessary for Android apps from users’ perspective and enable fine-grained permission controls by users, thus facilitating users in making more well-informed and flexible permission decisions for different app functionalities, which in turn improve the security and data privacy of the App and enforce apps to reduce permission misuses. Our proposed approach works in mainly two stages. First, it looks for discrepancies between the permission uses perceivable by users and the permissions actually used by apps via program analysis techniques. Second, it runs prediction algorithms using machine learning techniques to catch the discrepancies in permission usage and thereby alert the user for action about data violation. We have evaluated preliminary implementations of our approach and achieved promising fine-grained permission control accuracy. In addition to the benefits of users’ privacy protection, we envision that wider adoption of the approach may also enforce better privacy-aware design by responsible bodies such as app developers, governments, and enterprises. |
| format |
text |
| author |
MALVIYA, Vikas Kumar LEOW, Chee Wei ASHOK KASTHURI, YAN, Naing Tun SHAR, Lwin Khin JIANG, Lingxiao |
| author_facet |
MALVIYA, Vikas Kumar LEOW, Chee Wei ASHOK KASTHURI, YAN, Naing Tun SHAR, Lwin Khin JIANG, Lingxiao |
| author_sort |
MALVIYA, Vikas Kumar |
| title |
Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| title_short |
Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| title_full |
Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| title_fullStr |
Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| title_full_unstemmed |
Right to know, right to refuse: Towards UI perception-based automated fine-grained permission controls for Android apps |
| title_sort |
right to know, right to refuse: towards ui perception-based automated fine-grained permission controls for android apps |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7777 https://ink.library.smu.edu.sg/context/sis_research/article/8780/viewcontent/ase22nier.pdf |
| _version_ |
1770576512558301184 |