DPerm: Assisting the Migration of Android Apps to Runtime Permissions
June 15, 2017 Β· Declared Dead Β· π arXiv.org
"No code URL or promise found in abstract"
Evidence collected by the PWNC Scanner
Authors
Denis Bogdanas
arXiv ID
1706.05042
Category
cs.SE: Software Engineering
Citations
11
Venue
arXiv.org
Last Checked
4 months ago
Abstract
Android apps require permissions when accessing resources related to privacy or system integrity. Starting from Android 6, these permissions have to be asked at runtime. However, migrating to the new permission model poses multiple challenges for developers. First, developers have to discover where the app uses permissions, which requires a permission specification. To date several such specifications have been built, yet these are either imprecise, incomplete or don't support all types of protected resources. We first present DPSpec, a novel permission specification built from several documentation formats supplied with the Android SDK. Compared with the state the art specification, it contains 2.5x as many entries for protected methods and detects dangerous permission usages in more than twice as many apps. A second challenge for developers is where to insert permission requests, with possible locations restricted by the request mechanism. We also present DPerm, a static analysis for Android apps that recommends locations for permission requests in code. It achieves high precision through context sensitivity and improves recall through a general call graph augmentation algorithm for incomplete code. Our empirical evaluation on 32 apps shows a precision of 96% and recall of 89%.
Community Contributions
Found the code? Know the venue? Think something is wrong? Let us know!
π Similar Papers
In the same crypt β Software Engineering
R.I.P.
π»
Ghosted
R.I.P.
π»
Ghosted
Microservices: yesterday, today, and tomorrow
π
π
The Cartographer
A Survey of Machine Learning for Big Code and Naturalness
R.I.P.
π»
Ghosted
An Overview on Smart Contracts: Challenges, Advances and Platforms
R.I.P.
π»
Ghosted
Slither: A Static Analysis Framework For Smart Contracts
R.I.P.
π»
Ghosted
ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection
Died the same way β π» Ghosted
R.I.P.
π»
Ghosted
Federated Learning: Strategies for Improving Communication Efficiency
R.I.P.
π»
Ghosted
In-Datacenter Performance Analysis of a Tensor Processing Unit
R.I.P.
π»
Ghosted
Deep Convolutional Neural Networks for Computer-Aided Detection: CNN Architectures, Dataset Characteristics and Transfer Learning
R.I.P.
π»
Ghosted