Towards automatic generation of security-centric descriptions for Android apps
To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descr...
Saved in:
Main Authors: | , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2015
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8174 https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-9177 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-91772023-09-26T10:31:23Z Towards automatic generation of security-centric descriptions for Android apps ZHANG, Mu DUAN, Yue FENG, Qian YIN, Heng To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps. 2015-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8174 info:doi/10.1145/2810103.2813669 https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android Natural language generation Program analysis Subgraph mining Textual description Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Android Natural language generation Program analysis Subgraph mining Textual description Information Security |
spellingShingle |
Android Natural language generation Program analysis Subgraph mining Textual description Information Security ZHANG, Mu DUAN, Yue FENG, Qian YIN, Heng Towards automatic generation of security-centric descriptions for Android apps |
description |
To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps. |
format |
text |
author |
ZHANG, Mu DUAN, Yue FENG, Qian YIN, Heng |
author_facet |
ZHANG, Mu DUAN, Yue FENG, Qian YIN, Heng |
author_sort |
ZHANG, Mu |
title |
Towards automatic generation of security-centric descriptions for Android apps |
title_short |
Towards automatic generation of security-centric descriptions for Android apps |
title_full |
Towards automatic generation of security-centric descriptions for Android apps |
title_fullStr |
Towards automatic generation of security-centric descriptions for Android apps |
title_full_unstemmed |
Towards automatic generation of security-centric descriptions for Android apps |
title_sort |
towards automatic generation of security-centric descriptions for android apps |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2015 |
url |
https://ink.library.smu.edu.sg/sis_research/8174 https://ink.library.smu.edu.sg/context/sis_research/article/9177/viewcontent/2015_zhang2015towards.pdf |
_version_ |
1779157191419232256 |