A Light-Weight Framework for Pre-submission Vetting of Android Applications in App Stores

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1123))

Abstract

Smartphone apps are generally rolled out under a business model based on data over-collection: users can download and use the apps free of charge, but they are asked to grant a large number of permissions that give the app access to data and resources on their devices. Apps collect user data and sell it to interested third parties for profit, or abuse smartphone resources for financial gain. This introduces privacy and trust issues. Existing vetting mechanisms in app stores depend mainly on user feedback and expert review, and they target only malicious apps; permission-abusing apps are not yet covered. In this paper, we propose a light-weight framework for pre-submission vetting of Android apps by app stores. We generate functional signatures of an app from its description and analyze them to build a profile that contains permission usage scores, or that indicates whether the app is suspicious. The framework can serve as a first line of defense in app stores for vetting newly submitted apps.
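As an added illustration of the kind of check the abstract describes (this is example code written for this page, not the paper's framework or its signature model), the Python sketch below derives a crude functional signature from an app description, reads the permissions declared in its AndroidManifest.xml, and scores the gap between the two. The keyword-to-permission map, the baseline and high-risk permission sets, the over-claim score and the threshold are all assumptions chosen for illustration; the two manifests and descriptions are constructed, not real apps.

```python
# Added example: description-vs-permission consistency check for a submitted
# Android app. This is NOT the paper's framework; the keyword map, the scoring
# rule and the threshold below are assumptions made for illustration only.
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed map from functional keywords in a description to the permissions
# that function plausibly needs. A real signature model would be learned.
KEYWORD_PERMISSIONS = {
    "flashlight": {"android.permission.CAMERA"},  # assumed: LED driven via Camera API
    "photo": {"android.permission.CAMERA"},
    "camera": {"android.permission.CAMERA"},
    "map": {"android.permission.ACCESS_FINE_LOCATION",
            "android.permission.ACCESS_COARSE_LOCATION"},
    "nearby": {"android.permission.ACCESS_FINE_LOCATION",
               "android.permission.ACCESS_COARSE_LOCATION"},
    "contact": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.SEND_SMS", "android.permission.READ_SMS"},
    "record": {"android.permission.RECORD_AUDIO"},
    "voice": {"android.permission.RECORD_AUDIO"},
}
# Permissions almost every app requests; not counted as over-claims (assumption).
BASELINE = {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"}
# Runtime permissions whose unexplained presence is flagged outright (assumption).
HIGH_RISK = {
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS", "android.permission.READ_SMS",
    "android.permission.SEND_SMS", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CALL_LOG",
}


def requested_permissions(manifest_xml):
    """Return the set of permissions declared via <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    attr = "{%s}name" % ANDROID_NS
    return {el.get(attr) for el in root.iter("uses-permission") if el.get(attr)}


def expected_permissions(description):
    """Derive the permissions a description plausibly justifies (functional signature)."""
    words = re.findall(r"[a-z]+", description.lower())
    expected = set(BASELINE)
    for keyword, perms in KEYWORD_PERMISSIONS.items():
        # prefix match is a crude stemmer: "photos" -> "photo", "maps" -> "map"
        if any(w.startswith(keyword) for w in words):
            expected |= perms
    return expected


def vet(description, manifest_xml, threshold=0.5):
    """Score the gap between requested and description-justified permissions."""
    requested = requested_permissions(manifest_xml)
    expected = expected_permissions(description)
    unexplained = requested - expected
    # over-claim score: share of requested permissions the description does not justify
    score = len(unexplained) / len(requested) if requested else 0.0
    return {
        "requested": sorted(requested),
        "unexplained": sorted(unexplained),
        "score": round(score, 2),
        "suspicious": score >= threshold or bool(unexplained & HIGH_RISK),
    }


# Constructed sample inputs (not real apps).
FLASHLIGHT_DESC = "Simple flashlight with brightness control."
FLASHLIGHT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Flashlight"/>
</manifest>"""

PHOTO_DESC = "Share photos with nearby friends and chat."
PHOTO_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photoshare">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="PhotoShare"/>
</manifest>"""

if __name__ == "__main__":
    for desc, manifest in ((FLASHLIGHT_DESC, FLASHLIGHT_MANIFEST),
                           (PHOTO_DESC, PHOTO_MANIFEST)):
        print(desc, "->", vet(desc, manifest))
```

The flashlight sample is flagged because half of its requested permissions (location and contacts) have no counterpart in the description, while the photo-sharing sample passes because every requested permission is explained by a functional keyword. In a real store pipeline the manifest would be pulled from the uploaded APK rather than embedded, and the keyword map would be replaced by a learned description-to-permission model.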



Acknowledgements

This work was supported in part by the National Natural Science Foundation of China under Grant 61632009, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006, and in part by the High-Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01.

Author information

Corresponding author: Guojun Wang.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Li, B., Wang, G., Elahi, H., Duan, G. (2019). A Light-Weight Framework for Pre-submission Vetting of Android Applications in App Stores. In: Wang, G., Bhuiyan, M.Z.A., De Capitani di Vimercati, S., Ren, Y. (eds) Dependability in Sensor, Cloud, and Big Data Systems and Applications. DependSys 2019. Communications in Computer and Information Science, vol 1123. Springer, Singapore. https://doi.org/10.1007/978-981-15-1304-6_28

  • DOI: https://doi.org/10.1007/978-981-15-1304-6_28

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1303-9

  • Online ISBN: 978-981-15-1304-6

  • eBook Packages: Computer Science (R0)
