An Automated Permission Selection Framework for Android Platform

  • Toqeer Ali
  • Yasar Khan
  • Tamleek Ali
  • Safiullah Faizullah
  • Turki Alghamdi
  • Sajid Anwar


Enhancements to Android security frameworks have been a focal point of the research community in the past few years due to Android’s growing popularity. The Android permission framework plays a vital role in identifying the malicious behavior of an application. Most malware abuses permissions wrongly granted to an application to compromise device security and privacy. The focus should therefore be on managing the permissions given to an application from the very beginning, when the application is installed. However, the solutions proposed so far are user-centric: the user must decide whether a permission should be granted or not. A novice user usually ignores the warnings shown during installation of an app or when it accesses a resource. In this research, we introduce an enhanced Android permission framework that automatically decides for the user which permissions should be given to an application at installation or, in newer Android versions, when resources are accessed. We generated a large dataset of permissions and their ratings to build a machine learning model. Finally, the incorporated machine learning model automatically decides on behalf of the user which permissions should be given to the application. Our results show high accuracy in the auto-selection of suggested permissions for the end user.


Keywords: Android; Android permissions; Android security; Smartphone security; Operating system; Machine learning





Copyright information

© Springer Nature B.V. 2018

Authors and Affiliations

  • Toqeer Ali (1), email author
  • Yasar Khan (2)
  • Tamleek Ali (3)
  • Safiullah Faizullah (1)
  • Turki Alghamdi (1)
  • Sajid Anwar (3)

  1. Faculty of Computer and Information System, Islamic University of Madinah, Madinah, Saudi Arabia
  2. Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Kuala Lumpur, Malaysia
  3. Institute of Management Sciences, Peshawar, Pakistan
