Towards automatic generation of security-centric descriptions for Android apps

To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descr...

Full description

Saved in:
Bibliographic Details
Main Authors: ZHANG, Mu, DUAN, Yue, FENG, Qian, YIN, Heng
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2015
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/8174
https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-9177
record_format dspace
spelling sg-smu-ink.sis_research-91772023-09-26T10:31:23Z Towards automatic generation of security-centric descriptions for Android apps ZHANG, Mu DUAN, Yue FENG, Qian YIN, Heng To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps. 2015-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8174 info:doi/10.1145/2810103.2813669 https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android Natural language generation Program analysis Subgraph mining Textual description Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android
Natural language generation
Program analysis
Subgraph mining
Textual description
Information Security
spellingShingle Android
Natural language generation
Program analysis
Subgraph mining
Textual description
Information Security
ZHANG, Mu
DUAN, Yue
FENG, Qian
YIN, Heng
Towards automatic generation of security-centric descriptions for Android apps
description To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps.
format text
author ZHANG, Mu
DUAN, Yue
FENG, Qian
YIN, Heng
author_facet ZHANG, Mu
DUAN, Yue
FENG, Qian
YIN, Heng
author_sort ZHANG, Mu
title Towards automatic generation of security-centric descriptions for Android apps
title_short Towards automatic generation of security-centric descriptions for Android apps
title_full Towards automatic generation of security-centric descriptions for Android apps
title_fullStr Towards automatic generation of security-centric descriptions for Android apps
title_full_unstemmed Towards automatic generation of security-centric descriptions for Android apps
title_sort towards automatic generation of security-centric descriptions for android apps
publisher Institutional Knowledge at Singapore Management University
publishDate 2015
url https://ink.library.smu.edu.sg/sis_research/8174
https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf
_version_ 1779157191419232256