Android Permission Recommendation Using Transitive Bayesian Inference Model

  • Bahman Rashidi (email author)
  • Carol Fung
  • Anh Nguyen
  • Tam Vu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9878)


In the current Android architecture, users have to decide whether an app is safe to use or not. Technically savvy users can make correct decisions to avoid unnecessary privacy breaches. However, most users may have difficulty making correct decisions. DroidNet is an Android permission recommendation framework based on crowdsourcing. In this framework, DroidNet runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or reject the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise rating algorithm using a transitional Bayesian inference model. The recommendation is based on the aggregated expert responses and their confidence level. Our evaluation results demonstrate that, given a sufficient number of experts in the network, DroidNet can provide accurate recommendations and cover the majority of app requests given a small coverage from a small set of initial experts.


Keywords: Expertise Rating; Recommendation Algorithm; Regular User; Expert User; Expertise Level



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Bahman Rashidi (1), email author
  • Carol Fung (1)
  • Anh Nguyen (2)
  • Tam Vu (2)

  1. Virginia Commonwealth University, Richmond, USA
  2. University of Colorado Denver, Denver, USA
