Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding
Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once, when the user uses the app for the first time, and then they keep an...
| Published in: | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 1225 - 1237 |
|---|---|
| Main Authors: | Malviya, Vikas K.; Tun, Yan Naing; Leow, Chee Wei; Xynyn, Ailys Tee; Shar, Lwin Khin; Jiang, Lingxiao |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 11.09.2023 |
| ISSN: | 2643-1572 |
| Abstract | Android is the most popular operating system for mobile devices nowadays. Permissions are a very important part of Android security architecture. Apps frequently need the users' permission, but many of them only ask for it once, when the user uses the app for the first time, and then they keep and abuse the given permissions. Longing to enhance Android permission security and users' private data protection is the driving factor behind our approach to explore fine-grained context-sensitive permission usage analysis and thereby identify misuses in Android apps. In this work, we propose an approach for classifying the fine-grained permission uses for each functionality of Android apps that a user interacts with. Our approach, named DroidGem, relies on mainly three technical components to provide an in-context classification for permission (mis)uses by Android apps for each functionality triggered by users: (1) static inter-procedural control-flow graphs and call graphs representing each functionality in an app that may be triggered by users' or systems' events through UI-linked event handlers, (2) graph embedding techniques converting graph structures into numerical encoding, and (3) supervised machine learning models classifying (mis)uses of permissions based on the embedding. We have implemented a prototype of DroidGem and evaluated it on 89 diverse apps. The results show that DroidGem can accurately classify whether permission used by the functionality of an app triggered by a UI-linked event handler is a misuse in relation to manually verified decisions, with up to 95% precision and recall. We believe that such a permission classification mechanism can be helpful in providing fine-grained permission notices in a context related to app users' actions, and improving their awareness of (mis)uses of permissions and private data in Android apps. |
|---|---|
| Author | Malviya, Vikas K.; Shar, Lwin Khin; Jiang, Lingxiao; Tun, Yan Naing; Xynyn, Ailys Tee; Leow, Chee Wei |
| Author_xml | 1. Malviya, Vikas K. (vikasm@smu.edu.sg), Singapore Management University, Singapore; 2. Tun, Yan Naing (yannaingtun@smu.edu.sg), Singapore Management University, Singapore; 3. Leow, Chee Wei (cwleow@smu.edu.sg), Singapore Management University, Singapore; 4. Xynyn, Ailys Tee (ailystee.2020@scis.smu.edu.sg), Singapore Management University, Singapore; 5. Shar, Lwin Khin (lkshar@smu.edu.sg), Singapore Management University, Singapore; 6. Jiang, Lingxiao (lxjiang@smu.edu.sg), Singapore Management University, Singapore |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DOI | 10.1109/ASE56229.2023.00056 |
| Discipline | Computer Science |
| EISBN | 9798350329964 |
| EISSN | 2643-1572 |
| EndPage | 1237 |
| ExternalDocumentID | 10298328 |
| Genre | orig-research |
| GrantInformation_xml | Funder: National Research Foundation, Singapore (funder ID: 10.13039/501100001381) |
| ISICitedReferencesCount | 1 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| PageCount | 13 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-Sept.-11 |
| PublicationDateYYYYMMDD | 2023-09-11 |
| PublicationDecade | 2020 |
| PublicationTitle | IEEE/ACM International Conference on Automated Software Engineering : [proceedings] |
| PublicationTitleAbbrev | ASE |
| PublicationYear | 2023 |
| Publisher | IEEE |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1225 |
| SubjectTerms | Android apps; Classification; Control flow graphs; Data protection; Encoding; Graph embedding; Machine learning; Mobile handsets; Operating systems; Permission control; Privacy; Privacy protection; Prototypes |
| Title | Fine-Grained In-Context Permission Classification for Android Apps Using Control-Flow Graph Embedding |
| URI | https://ieeexplore.ieee.org/document/10298328 |