Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding
| Published in: | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 1225 - 1237 |
|---|---|
| Main authors: | Malviya, Vikas K.; Tun, Yan Naing; Leow, Chee Wei; Xynyn, Ailys Tee; Shar, Lwin Khin; Jiang, Lingxiao |
| Format: | Conference paper |
| Language: | English |
| Published: | IEEE, 11.09.2023 |
| Subjects: | |
| ISSN: | 2643-1572 |
| Online access: | Get full text |
| Abstract | Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once, when the user uses the app for the first time, and then they keep and abuse the given permissions. Longing to enhance Android permission security and users' private data protection is the driving factor behind our approach to explore fine-grained context-sensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DroidGem, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users' or systems' events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DroidGem and evaluated it on 89 diverse apps. The results show that DroidGem can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users' actions, and improving their awareness of (mis)uses of permissions and private data in Android apps. |
|---|---|
| Author | Malviya, Vikas K.; Shar, Lwin Khin; Jiang, Lingxiao; Tun, Yan Naing; Xynyn, Ailys Tee; Leow, Chee Wei |
| Author_xml | – sequence: 1 givenname: Vikas K. surname: Malviya fullname: Malviya, Vikas K. email: vikasm@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 2 givenname: Yan Naing surname: Tun fullname: Tun, Yan Naing email: yannaingtun@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 3 givenname: Chee Wei surname: Leow fullname: Leow, Chee Wei email: cwleow@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 4 givenname: Ailys Tee surname: Xynyn fullname: Xynyn, Ailys Tee email: ailystee.2020@scis.smu.edu.sg organization: Singapore Management University,Singapore – sequence: 5 givenname: Lwin Khin surname: Shar fullname: Shar, Lwin Khin email: lkshar@smu.edu.sg organization: Singapore Management University,Singapore – sequence: 6 givenname: Lingxiao surname: Jiang fullname: Jiang, Lingxiao email: lxjiang@smu.edu.sg organization: Singapore Management University,Singapore |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ASE56229.2023.00056 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9798350329964 |
| EISSN | 2643-1572 |
| EndPage | 1237 |
| ExternalDocumentID | 10298328 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: National Research Foundation, Singapore funderid: 10.13039/501100001381 |
| GroupedDBID | 6IE 6IF 6IH 6IK 6IL 6IM 6IN 6J9 AAJGR AAWTH ABLEC ACREN ADYOE ADZIZ AFYQB ALMA_UNASSIGNED_HOLDINGS AMTXH BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL |
| ID | FETCH-LOGICAL-a284t-e44c4aac79e63d1d0fac9bcb1a3d052d74f98fe0df963ab2603cff0a1acfe2f73 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 1 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001103357200098&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:32:41 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a284t-e44c4aac79e63d1d0fac9bcb1a3d052d74f98fe0df963ab2603cff0a1acfe2f73 |
| PageCount | 13 |
| ParticipantIDs | ieee_primary_10298328 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-Sept.-11 |
| PublicationDateYYYYMMDD | 2023-09-11 |
| PublicationDate_xml | – month: 09 year: 2023 text: 2023-Sept.-11 day: 11 |
| PublicationDecade | 2020 |
| PublicationTitle | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] |
| PublicationTitleAbbrev | ASE |
| PublicationYear | 2023 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0051577 ssib057256115 |
| Score | 2.25843 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1225 |
| SubjectTerms | Android apps; Classification; Control flow graphs; Data protection; Encoding; Graph embedding; Machine learning; Mobile handsets; Operating systems; Permission control; Privacy; Privacy protection; Prototypes |
| Title | Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding |
| URI | https://ieeexplore.ieee.org/document/10298328 |
| WOSCitedRecordID | wos001103357200098&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| linkProvider | IEEE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=IEEE%2FACM+International+Conference+on+Automated+Software+Engineering+%3A+%5Bproceedings%5D&rft.atitle=Fine-Grained+In-Context+Permission+Classification+for+Android+Apps+Using+Control-Flow+Graph+Embedding&rft.au=Malviya%2C+Vikas+K.&rft.au=Tun%2C+Yan+Naing&rft.au=Leow%2C+Chee+Wei&rft.au=Xynyn%2C+Ailys+Tee&rft.date=2023-09-11&rft.pub=IEEE&rft.eissn=2643-1572&rft.spage=1225&rft.epage=1237&rft_id=info:doi/10.1109%2FASE56229.2023.00056&rft.externalDocID=10298328 |