An Android Application Risk Evaluation Framework Based on Minimum Permission Set Identification

January 23, 2020 Β· Declared Dead Β· πŸ› Journal of Systems and Software

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Jianmao Xiao, Shizhan Chen, Qiang He, Zhiyong Feng, Xiao Xue arXiv ID 2001.08399 Category cs.SE: Software Engineering Citations 37 Venue Journal of Systems and Software Last Checked 4 months ago
Abstract
Android utilizes a security mechanism that requires apps to request permission for accessing sensitive user data, e.g., contacts and SMSs, or certain system features, e.g., camera and Internet access. However, Android apps tend to be overprivileged, i.e., they often request more permissions than necessary. This raises the security problem of overprivilege. To alleviate the overprivilege problem, this paper proposes MPDroid, an approach that combines static analysis and collaborative filtering to identify the minimum permissions for an Android app based on its app description and API usage. Given an app, MPDroid first employs collaborative filtering to identify the initial minimum permissions for the app. Then, through static analysis, the final minimum permissions that an app really needs are identified. Finally, it evaluates the overprivilege risk by inspecting the apps extra privileges, i.e., the unnecessary permissions requested by the app. Experiments are conducted on 16,343 popular apps collected from Google Play. The results show that MPDroid outperforms the state-of-the-art approach significantly.
Community shame:
Not yet rated
πŸ“„ View on arXiv 🌐 View on ar5iv πŸ“‘ PDF πŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted