Fine-grained in-context permission classification for Android apps using control-flow graph embedding

Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abu...

Bibliographic Details
Main Authors: MALVIYA, Vikas Kumar, YAN, Naing Tun, LEOW, Chee Wei, TEE, Ailys Xynyn, SHAR, Lwin Khin, JIANG, Lingxiao
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/8387
https://ink.library.smu.edu.sg/context/sis_research/article/9390/viewcontent/ase_2023_camera_ready__1_.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-9390
record_format dspace
spelling sg-smu-ink.sis_research-9390 2024-01-09T03:57:10Z 2023-09-01T07:00:00Z text application/pdf info:doi/10.1109/ASE56229.2023.00056 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Privacy protection
Permission control
Android apps
Control flow graphs
Graph embedding
Classification
Information Security
Software Engineering
description Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abuse the given permissions. Longing to enhance Android permission security and users’ private data protection is the driving factor behind our approach to explore fine-grained context-sensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DROIDGEM, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users’ or systems’ events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DROIDGEM and evaluated it on 89 diverse apps. The results show that DROIDGEM can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users’ actions, and improving their awareness of (mis)uses of permissions and private data in Android apps.
format text
author MALVIYA, Vikas Kumar
YAN, Naing Tun
LEOW, Chee Wei
TEE, Ailys Xynyn
SHAR, Lwin Khin
JIANG, Lingxiao
title Fine-grained in-context permission classification for Android apps using control-flow graph embedding
publisher Institutional Knowledge at Singapore Management University
publishDate 2023