http://dx.doi.org/10.9708/jksci.2021.26.06.107

Forgotten Permission Usages: An Empirical Study on App Description Based Android App Analysis  

Wu, Zhiqiang (Dept. of Computer Science & Engineering, Hanyang University)
Lee, Scott Uk-Jin (Dept. of Computer Science & Engineering, Hanyang University)
Abstract
In this paper, we conducted an empirical study to investigate whether Android app descriptions disclose enough permission usages to support measuring app quality, both in terms of how the descriptions are written and in terms of consistency between code and descriptions. Android app descriptions are analyzed for various purposes such as quality measurement, functionality recommendation, and malware detection. However, many app descriptions do not disclose permission usages, whether accidentally or on purpose. Most importantly, previous studies cannot analyze app descriptions precisely if the permission usages are not fully introduced in the descriptions. To assess the consistency between permissions and app descriptions, we implemented a state-of-the-art method to predict Android permissions for 29,270 app descriptions. As a result, 25% of app descriptions may not contain any permission semantics, and 57% of app descriptions cannot accurately reflect permission usages.
Keywords
Android; App Description; Permission Semantics; Empirical Study; Natural Language Processing