Fine-grained in-context permission classification for Android apps using control-flow graph embedding
Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abu...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2023
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8387 https://ink.library.smu.edu.sg/context/sis_research/article/9390/viewcontent/ase_2023_camera_ready__1_.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-9390 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-93902024-01-09T03:57:10Z Fine-grained in-context permission classification for Android apps using control-flow graph embedding MALVIYA, Vikas Kumar YAN, Naing Tun LEOW, Chee Wei TEE, Ailys Xynyn SHAR, Lwin Khin JIANG, Lingxiao Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abuse the given permissions. Longing to enhance Android permission security and users’ private data protection is the driving factor behind our approach to explore fine-grained contextsensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DROIDGEM, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users’ or systems’ events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DROIDGEM and evaluated it on 89 diverse apps. The results show that DROIDGEM can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users’ actions, and improving their awareness of (mis)uses of permissions and private data in Android apps. 2023-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8387 info:doi/10.1109/ASE56229.2023.00056 https://ink.library.smu.edu.sg/context/sis_research/article/9390/viewcontent/ase_2023_camera_ready__1_.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Privacy protection Permission control Android apps Control flow graphs Graph embedding Classification Information Security Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Privacy protection Permission control Android apps Control flow graphs Graph embedding Classification Information Security Software Engineering |
spellingShingle |
Privacy protection Permission control Android apps Control flow graphs Graph embedding Classification Information Security Software Engineering MALVIYA, Vikas Kumar YAN, Naing Tun LEOW, Chee Wei TEE, Ailys Xynyn SHAR, Lwin Khin JIANG, Lingxiao Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
description |
Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users’ permission, but many of them only ask for it once—when the user uses the app for the first time—and then they keep and abuse the given permissions. Longing to enhance Android permission security and users’ private data protection is the driving factor behind our approach to explore fine-grained contextsensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DROIDGEM, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users’ or systems’ events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DROIDGEM and evaluated it on 89 diverse apps. The results show that DROIDGEM can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users’ actions, and improving their awareness of (mis)uses of permissions and private data in Android apps. |
format |
text |
author |
MALVIYA, Vikas Kumar YAN, Naing Tun LEOW, Chee Wei TEE, Ailys Xynyn SHAR, Lwin Khin JIANG, Lingxiao |
author_facet |
MALVIYA, Vikas Kumar YAN, Naing Tun LEOW, Chee Wei TEE, Ailys Xynyn SHAR, Lwin Khin JIANG, Lingxiao |
author_sort |
MALVIYA, Vikas Kumar |
title |
Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
title_short |
Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
title_full |
Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
title_fullStr |
Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
title_full_unstemmed |
Fine-grained in-context permission classification for Android apps using control-flow graph embedding |
title_sort |
fine-grained in-context permission classification for android apps using control-flow graph embedding |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2023 |
url |
https://ink.library.smu.edu.sg/sis_research/8387 https://ink.library.smu.edu.sg/context/sis_research/article/9390/viewcontent/ase_2023_camera_ready__1_.pdf |
_version_ |
1787590766945632256 |