Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding
Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once, when the user uses the app for the first time, and then they keep an...
| Published in: | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 1225 - 1237 |
|---|---|
| Main authors: | , , , , , |
| Format: | Conference paper |
| Language: | English |
| Publication details: | IEEE, 11.09.2023 |
| Subject: | |
| ISSN: | 2643-1572 |
| Online access: | Get full text |
| Abstract | Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once, when the user uses the app for the first time, and then they keep and abuse the given permissions. Longing to enhance Android permission security and users' private data protection is the driving factor behind our approach to explore fine-grained context-sensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DroidGem, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users' or systems' events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DroidGem and evaluated it on 89 diverse apps. The results show that DroidGem can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users' actions, and improving their awareness of (mis)uses of permissions and private data in Android apps. |
|---|---|
| Author | Malviya, Vikas K.; Shar, Lwin Khin; Jiang, Lingxiao; Tun, Yan Naing; Xynyn, Ailys Tee; Leow, Chee Wei |
| Author_xml | – sequence: 1 givenname: Vikas K. surname: Malviya fullname: Malviya, Vikas K. email: vikasm@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 2 givenname: Yan Naing surname: Tun fullname: Tun, Yan Naing email: yannaingtun@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 3 givenname: Chee Wei surname: Leow fullname: Leow, Chee Wei email: cwleow@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 4 givenname: Ailys Tee surname: Xynyn fullname: Xynyn, Ailys Tee email: ailystee.2020@scis.smu.edu.sg organization: Singapore Management University,Singapore – sequence: 5 givenname: Lwin Khin surname: Shar fullname: Shar, Lwin Khin email: lkshar@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 6 givenname: Lingxiao surname: Jiang fullname: Jiang, Lingxiao email: lxjiang@smu.edu.sg organization: Singapore Management University,Singapore |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ASE56229.2023.00056 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9798350329964 |
| EISSN | 2643-1572 |
| EndPage | 1237 |
| ExternalDocumentID | 10298328 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: National Research Foundation, Singapore funderid: 10.13039/501100001381 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 1 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001103357200098&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:32:41 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 13 |
| ParticipantIDs | ieee_primary_10298328 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-Sept.-11 |
| PublicationDateYYYYMMDD | 2023-09-11 |
| PublicationDate_xml | – month: 09 year: 2023 text: 2023-Sept.-11 day: 11 |
| PublicationDecade | 2020 |
| PublicationTitle | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] |
| PublicationTitleAbbrev | ASE |
| PublicationYear | 2023 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0051577 ssib057256115 |
| Score | 2.25843 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1225 |
| SubjectTerms | Android apps; Classification; Control flow graphs; Data protection; Encoding; Graph embedding; Machine learning; Mobile handsets; Operating systems; Permission control; Privacy; Privacy protection; Prototypes |
| Title | Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding |
| URI | https://ieeexplore.ieee.org/document/10298328 |
| WOSCitedRecordID | wos001103357200098&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |