Understanding the Purpose of Permission Use in Mobile Apps

Cited by: 22
Authors
Wang, Haoyu [1]
Li, Yuanchun [2]
Guo, Yao [2]
Agarwal, Yuvraj [3]
Hong, Jason I. [3]
Affiliations
[1] Beijing Univ Posts & Telecommun, Sch Comp Sci, Beijing Key Lab Intelligent Telecommun Software &, Beijing, Peoples R China
[2] Peking Univ, Sch Elect Engn & Comp Sci, Key Lab High Confidence Software Technol MOE, Beijing, Peoples R China
[3] Carnegie Mellon Univ, Human Comp Interact Inst, Sch Comp Sci, Pittsburgh, PA 15213 USA
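Funding
National Natural Science Foundation of China; National High Technology Research and Development Program of China (863 Program)
Keywords
Permission; purpose; mobile applications; Android; privacy; access control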
DOI
10.1145/3086677
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Mobile apps frequently request access to sensitive data, such as location and contacts. Understanding the purpose of why sensitive data is accessed could help improve privacy as well as enable new kinds of access control. In this article, we propose a text mining based method to infer the purpose of sensitive data access by Android apps. The key idea we propose is to extract multiple features from app code and then use those features to train a machine learning classifier for purpose inference. We present the design, implementation, and evaluation of two complementary approaches to infer the purpose of permission use, first using purely static analysis, and then using primarily dynamic analysis. We also discuss the pros and cons of both approaches and the trade-offs involved.
Pages: 40