Abstract
Permissions are a key factor in protecting the privacy of users within the android system. Since it is often not clear why applications require access to certain permissions, app descriptions provided by developers should clarify to users why their apps need those dangerous permissions. Identifying accurately the presence of permission usage details in app descriptions is a difficult task due to the lack of established quality standards and different ways developers may convey information related to permissions requirements. In this work, we used permission analysis technique to detect malicious privacy invasive apps by identifying critical discrepancies between application description and its permissions requirements. Further, apps are categorized into different risk levels using K-means and SVM machine learning algorithms. Out of 1005 applications analyzed using our system, 938 were found to be having at least 1 suspicious dangerous permission requirement.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Permissions overview Android developers. https://developer.android.com/guide/topics/permissions/overview. Last accessed 29 June 2020
Number of Android applications on the Google Play store. AppBrain, https://www.appbrain.com/stats/number-of-android-apps. Last accessed 29 June 2020
Kang H, Jang JW, Mohaisen A, Kim HK (2015) Detecting and classifying android malware using static analysis along with creator information. Int J Distrib Sens Networks 11
Scoccia GL, Ruberto S, Malavolta I, Autili M, Inverardi P (2018) An investigation into Android run-time permissions from the end users’ perspective. In: Proceedings of the 5th international conference on mobile software engineering and systems, pp 45–55
Zhang Y, Yang M, Xu B, Yang Z, Gu G, Ning P, Wang XS, Zang B (2013) Vetting undesirable behaviors in Android apps with permission use analysis. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security, pp 611–622
Wang H, Li Y, Guo Y, Agarwal Y, Hong JI (2017) Understanding the purpose of permission use in mobile apps. ACM Trans Inf Syst 35
Diamantaris M, Papadopoulos EP, Markatos EP, Ioannidis S, Polakis J (2019) Reaper: real-time app analysis for augmenting the android permission system. In: Proceedings of the ninth ACM conference on data application security and privacy, pp 37–48
Fu H, Zheng Z, Zhu S, Mohapatra P (2019) Keeping context in mind: automating mobile app access control with user interface inspection. In: IEEE INFOCOM 2019-IEEE conference on computer communications. IEEE, pp 2089–2097
Fu J, Zhou Y, Wang X (2019) Component-based permission management of Android applications. Softw Pract Exp 49:1402–1418
Duc NV, Giang PT, Vi PM (2016) Permission analysis for android malware. In: Proceedings of the 7th VAST—AIST work. “RESEARCH Collaboration Review and Perspective” pp 207–216
Idrees F, Rajarajan M (2014) Investigating the android intents and permissions for malware detection. In: 2014 IEEE 10th international conference on wireless and mobile computing, networking communications (WiMob). IEEE, pp 354–358
Aung Z, Zaw W (2013) Permission-based android malware detection. Int J Sci Technol Res 2:228–234
Geneiatakis D, Fovino IN, Kounelis I, Stirparo P (2015) A permission verification approach for android mobile applications. Comput Secur 49:192–205
Vidas T, Christin N, Cranor LF (2011) Curbing android permission creep. Proc Web 1–14
Wang H, Guo Y, Tang Z, Bai G, Chen X (2015) Reevaluating android permission gaps with static and dynamic analysis. In: 2015 IEEE global communications conference (GLOBECOM). IEEE, pp 1–6
Berthomé P, Fécherolle T, Guilloteau N, Lalande JF (2012) Repackaging android applications for auditing access to private data. In: 2012 Seventh international conference on availability, reliability security. IEEE, pp 388–396
Sharma K, Gupta BB (2019) Towards privacy risk analysis in android applications using machine learning approaches. Int J E-Services Mob Appl 11:1–21
Feichtner J, Gruber G (2020) Understanding privacy awareness in android app descriptions using deep learning. In: Proceedings of the tenth ACM conference on data application security privacy (CODASPY ’20)
Dharmalingam VP, Palanisamy V (2020) A novel permission ranking system for android malware detection—the permission grader. J Ambient Intell Humaniz Comput 1–11
Alazab M, Alazab M, Shalaginov A, Mesleh A, Awajan A (2020) Intelligent mobile malware detection using permission requests and API calls. Futur Gener Comput Syst 107:509–521
Xiao J, Chen S, He Q, Feng Z, Xue X (2020) An Android application risk evaluation framework based on minimum permission set identification. J Syst Softw 163:110533
Wang Z, Li K, Hu Y, Fukuda A, Kong W (2019) Multilevel permission extraction in android applications for malware detection. In: 2019 International conference on computer, information and telecommunication systems (CITS). IEEE, pp 1–5
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Shaikh, M.S., Siddavatam, I., Dalvi, A., Panchal, A., Gokhale, S. (2021). Malicious Privacy Invasive Android Application Detection Using Machine Learning-Based Permission Analysis Technique. In: Reddy, V.S., Prasad, V.K., Wang, J., Reddy, K.T.V. (eds) Soft Computing and Signal Processing. Advances in Intelligent Systems and Computing, vol 1325. Springer, Singapore. https://doi.org/10.1007/978-981-33-6912-2_30
Download citation
DOI: https://doi.org/10.1007/978-981-33-6912-2_30
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6911-5
Online ISBN: 978-981-33-6912-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)