Abstract
With Android6.0, users can decide whether to grant an app runtime permission. However, users may not understand the potential negative consequences of granting app permissions. In this paper, we investigate the feasibility of using an app’s requested permissions and the intent-filters, app’s category and permissions requested by other apps in the same category to better inform users about whether to install a given app and the risk scores associated with granting each of the app’s required permissions. In an evaluation with 10,979 benign and 3,205 malicious apps, we demonstrate the effectiveness of the proposal approach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Androgurad. https://github.com/androguard
Beautifulsoup. https://pypi.python.org/pypi/beautifulsoup4
Virustotal. https://www.virustotal.com/zh-cn/
Allix, K., Bissyandé, T.F., Klein, J., Le Traon, Y.: AndroZoo: collecting millions of android apps for the research community. In: 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), pp. 468–471. IEEE (2016)
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: NDSS (2014)
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)
Google: Android system permission 2015 (2015). https://developer.android.com/guide/topics/permissions/index.html
Ho, T.K.: Random decision forests. In: Proceedings of the Third International Conference on Document Analysis and Recognition, vol. 1, pp. 278–282. IEEE (1995)
Jha, A.K., Lee, W.J.: Analysis of permission-based security in android through policy expert, developer, and end user perspectives. J. UCS 22(4), 459–474 (2016)
McAfee: Mcafee labs threats report April 2017 (2017). https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf
Oglaza, A., Laborde, R., Benzekri, A., Barrère, F.: A recommender-based system for assisting non-technical users in managing android permissions. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 1–9. IEEE (2016)
Rashidi, B., Fung, C., Bertino, E.: Android resource usage risk assessment using hidden Markov model and online learning. Comput. Secur. 65, 90–107 (2017)
Rashidi, B., Fung, C., Vu, T.: Dude, ask the experts!: Android resource access permission recommendation with recdroid. In: IFIP/IEEE International Symposium on Integrated Network Management, pp. 296–304. IEEE (2015)
Rashidi, B., Fung, C., Nguyen, A., Vu, T.: Android permission recommendation using transitive Bayesian inference model. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part I. LNCS, vol. 9878, pp. 477–497. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_24
Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)
Sokolova, K., Perez, C., Lemercier, M.: Android application classification and anomaly detection with graph-based permission patterns. Decis. Support. Syst. 93, 62–76 (2017)
Taylor, V.F., Martinovic, I.: Starving permission-hungry android apps using SecuRank. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1850–1852. ACM (2016)
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, pp. 95–109 (2012)
Zhu, H., Xiong, H., Ge, Y., Chen, E.: Mobile app recommendations with security and privacy awareness. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 951–960. ACM (2014)
Acknowledgment
This work is supported by the National Key R&D Plan of China under grant no. 2016YFB0800201, the Natural Science Foundation of China under grant no. 61070212 and 61572165, the State Key Program of Zhejiang Province Natural Science Foundation of China under grant no. LZ15F020003, the Key research and development plan project of Zhejiang Province under grant no. 2017C01065, the Key Lab of Information Network Security, Ministry of Public Security, under grant no. C16603.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Shen, Y. et al. (2018). Android App Classification and Permission Usage Risk Assessment. In: Romdhani, I., Shu, L., Takahiro, H., Zhou, Z., Gordon, T., Zeng, D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 252. Springer, Cham. https://doi.org/10.1007/978-3-030-00916-8_52
Download citation
DOI: https://doi.org/10.1007/978-3-030-00916-8_52
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00915-1
Online ISBN: 978-3-030-00916-8
eBook Packages: Computer ScienceComputer Science (R0)