Title: Reevaluating Android permission gaps with static and dynamic analysis
Authors: Wang, Haoyu; Guo, Yao; Tang, Zihao; Bai, Guangdong; Chen, Xiangqun
Affiliation: Key Laboratory of High-Confidence Software Technologies, Ministry of Education, School of Electronics Engineering and Computer Science, Peking University, Beijing, China; National University of Singapore, Singapore
Issue Date: 2015
Publisher: 58th IEEE Global Communications Conference, GLOBECOM 2015
Citation: 58th IEEE Global Communications Conference, GLOBECOM 2015. San Diego, CA, United States, 2016/2/23.
Abstract: Recent studies on the Android permission system have found that there exists a permission gap between the requested permissions and permissions actually used in an Android app. However, current approaches face some challenges when detecting such permission gaps in Android apps due to the limitation of static analysis techniques. This paper proposes a novel approach to detect permission gaps in Android apps and determine the precise set of permissions that an app needs to run correctly. Our approach includes a static analysis technique to extract permission usage information from API invocations, and a dynamic testing technique to test and monitor the runtime permission usage behaviors of apps. By combining static analysis and dynamic testing, our approach can detect significantly more permission usage information compared to static analysis, indicating that our approach could improve the detection accuracy and reduce the false positives in permission gap detection. We have implemented a prototype to study more than 1,000 popular apps from Google Play. The results show that our approach could detect on average 30% more permissions that are used in apps, while more than 8% of the overprivileged apps detected by previous approaches are false positives. © 2015 IEEE.
URI: http://hdl.handle.net/20.500.11897/436273
ISSN: 9781479959525
DOI: 10.1109/GLOCOM.2014.7417621
Indexed: EI
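Appears in Collections: School of Electronics Engineering and Computer Science; Key Laboratory of High-Confidence Software Technologies, Ministry of Education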

Files in This Work
There are no files associated with this item.

License: See PKU IR operational policies.