Skip to main content
SpringerLink
Log in

A Comprehensive Study of Permission Usage on Android

  • Conference paper
  • First Online:
Book cover Network and System Security (NSS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11058))

Included in the following conference series:

  • 1497 Accesses

Abstract

Nowadays, redundant permissions and probing permissions are common in Android applications and third-party libraries, which may cause massive security threats to their users. Existing tools used for permission analysis may introduce incorrect detection results, due to their regardless of the relationships between permissions and the values of function parameters and fields. In order to extract the exact used permissions in Android applications and third-party libraries, we propose a Dalvik register-based data flow analysis technique (DARFA) to get the parameter values of function parameters and fields. By leveraging DARFA, we design and implement PermHunter, a static analysis tool, to detect redundant permissions and probing permissions in Android apps and third-party libraries. We have evaluated PermHunter by analyzing 45 third-party libraries and 653 applications. These results indicate that nearly half of these third-party libraries have redundant permissions and probing permissions, and the proportions in Android applications are even higher.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Felt, A.P., Chin, E., Hanna, S., et al.: Android permissions demystified. In: Proceedings of the 2011 ACM Conference on Computer and Communications Security (CCS), pp. 627–638. ACM, New York (2011)

    Google Scholar 

  2. Au, K.W.Y., Zhou, Y.F., Huang, Z., et al.: PScout: analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS), pp. 217–228. ACM, New York (2012)

    Google Scholar 

  3. Backes, M., Bugiel, S., Derr, E., et al.: On demystifying the android application framework: re-visiting android permission sepecification analysis. In: Proceedings of the 25th USENIX Security Symposium (USENIX Security), pp. 1101–1118. USENIX Association, Berkeley (2016)

    Google Scholar 

  4. Arzt, S., Rasthofer, S., Fritz, C., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language De-sign and Implementation (PLDI), pp. 259–269. ACM, New York (2014)

    Google Scholar 

  5. AndroBugs\(\_\)Framework. https://github.com/AndroBugs/AndroBugs_Framework. Accessed 4 Apr 2017

  6. axplorer demystifying the Android Application Framework. http://www.axplorer.org/. Accessed 11 Oct 2017

  7. PScout. http://pscout.csl.toronto.edu/downloads.php. Accessed 15 Apr 2017

  8. AppBrain-Android library statistics. http://www.appbrain.com/stats/libraries. Accessed 4 Feb 2017

  9. Baidu developer. http://developer.baidu.com/platform/catalog/navigation-c/node/n301. Accessed 4 Feb 2017

  10. Weixin Developer. https://open.weixin.qq.com. Accessed 4 Feb 2017

  11. Umeng. http://www.umeng.com/codecenter.html. Accessed 4 Feb 2017

  12. DevStore. http://www.devstore.cn/service/newproductList/sta3-cla4.html. Accessed 4 Feb 2017

  13. Vidas, T., Christin, N., Cranor, L.: Curbing android permission creep. In: Proceedings of the Web 2.0 Security and Privacy 2011 Workshop (W2sp) (2011)

    Google Scholar 

  14. Bartel, A., Klein, J., Traon, Y. L., et al.: Automatically securing permission-based software by reducing the attack surface: an application to Android. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 274–277. ACM, New York (2012)

    Google Scholar 

  15. Grace, M.C., Zhou, W., Jiang, X., et al.: Unsafe exposure analysis of mobile in- app advertisements. In: Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pp. 101–112. ACM, New York(2012)

    Google Scholar 

  16. Fuchs, A.P., Chaudhuri, A., Foster, J. S.: SCanDroid: automated security certification of android applications. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy (S&P). IEEE, Piscataway (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. China Academy of Information and Communications Technology, Beijing, 100191, China

    Yemian Lu, Juan Pan, Pengyi Zhan & Wei Guo

  2. Graduate School at Shenzhen, Tsinghua University, Shenzhen, 518055, China

    Qi Li

  3. Institute of Software, Chinese Academy of Sciences, Beijing, 100190, China

    Purui Su & Jia Yan

Authors
  1. Yemian Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Purui Su
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Juan Pan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jia Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Pengyi Zhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Wei Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yemian Lu .

Editor information

Editors and Affiliations

  1. The Hong Kong Polytechnic University, Hong Kong, China

    Man Ho Au

  2. The University of Hong Kong, Hong Kong, China

    Siu Ming Yiu

  3. Guangzhou University, Guangzhou, China

    Jin Li

  4. The Hong Kong Polytechnic University, Hong Kong, China

    Xiapu Luo

  5. City University of Hong Kong, Hong Kong, China

    Cong Wang

  6. University of Salerno and University of Naples Federico II, Fisciano, Italy

    Aniello Castiglione

  7. CISPA Helmholtz Center i.G. GmbH, Saarbrücken, Germany

    Kamil Kluczniak

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lu, Y. et al. (2018). A Comprehensive Study of Permission Usage on Android. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02744-5_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02743-8

  • Online ISBN: 978-3-030-02744-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation