PerRec: A Permission Configuration Recommender System for Mobile Apps

  • Conference paper
  • Published in: Algorithms and Architectures for Parallel Processing (ICA3PP 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10393)

Abstract

The Android operating system uses a permission-based security mechanism to restrict mobile apps' access to sensitive device resources. However, because of disadvantages such as coarse-grained permission management and vague permission descriptions, the current permission-based security mechanism of Android is not sufficiently effective in practice. In addition, only a small number of users realize the importance of permission settings, and they mostly cannot make a proper decision on permission settings due to a lack of runtime information and professional knowledge. In this paper, we propose PerRec, a permission configuration recommender system based on trust management, which assists mobile users in setting permissions in order to enhance user privacy and device security. It is designed on top of our previously developed reputation system, TruBeRepec [1], to obtain the trust and reputation values of an app and then offer recommendations on how to set permissions. Based on a system implementation, we evaluate the accuracy and safety of PerRec by comparing PerRec's recommendations with the Android system default permission settings. The results show that PerRec can provide effective permission recommendations to prevent potential security threats. We further conduct a small-scale user study to demonstrate its user acceptance.

References

  1. Yan, Z., Zhang, P., Deng, R.H.: TruBeRepec: a trust-behavior-based reputation and recommender system for mobile applications. Pers. Ubiquit. Comput. 16(5), 485–506 (2012)

  2. Dang, T.L., Yan, Z., Tong, F., Zhang, W.D., Zhang, P.: Implementation of a trust-behavior based reputation system for mobile applications. In: 2014 IEEE 9th International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 221–228 (2014)

  3. Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined run time constraints. In: 5th International Symposium on ACM Symposium on Information, Computer and Communications Security, pp. 328–332 (2010)

  4. Jeon, J., Micinski, K.K., Vaughan, J.A., Fogel, A., Reddy, N., et al.: Dr. Android and Mr. Hide: fine-grained permissions in Android applications. In: The Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Raleigh, North Carolina, USA, pp. 3–14. ACM (2012)

  5. Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.G., Cox, L.P., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 393–407 (2010)

  6. Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43(6), 205–218 (2014)

  7. Rashidi, B., Fung, C., Vu, T.: Dude, ask the experts!: Android resource access permission recommendation with RecDroid. In: IEEE International Symposium on Integrated Network Management (IM), pp. 296–304 (2015)

  8. Bao, L., Lo, D., Xia, X., Li, S.: What permissions should this Android app request? In: 2016 International Conference on Software Analysis, Testing and Evolution (SATE), Kunming, pp. 36–41 (2016)

  9. Felt, A.P., Ha, E., Egelman, S., Hane, A.Y., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: 2012 Eighth Symposium on Usable Privacy and Security (SOUPS 2012), New York, pp. 1–14 (2012)

  10. Kaur, A., Upadhyay, D.: PeMo: modifying application’s permissions and preventing information stealing on smartphones. In: 2014 5th International Conference - Confluence The Next Generation Information Technology Summit (Confluence), Noida, pp. 905–910 (2014)

  11. Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in Android applications for malicious application detection. IEEE Trans. Inf. Forensics Secur. 9(11), 1869–1882 (2014)

  12. Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Permission evolution in the Android ecosystem. In: ACM Computer Security Applications Conference ACSAC, pp. 31–40 (2012)

  13. Bagheri, H., Sadeghi, A., Garcia, J., Malek, S.: COVERT: compositional analysis of Android inter-app permission leakage. IEEE Trans. Software Eng. 41(9), 866–886 (2015)

  14. Zhang, Y., Yang, M., Gu, G., Chen, H.: Rethinking permission enforcement mechanism on mobile systems. IEEE Trans. Inf. Forensics Secur. 11(10), 2227–2240 (2016)

  15. LBESafety Master. http://dl.pconline.com.cn/download/90435.html

  16. Yan, Z., Dong, Y., Niemi, V., Yu, G.L.: Exploring trust of mobile applications based on user behaviors: an empirical study. J. Appl. Soc. Psychol. 43(3), 638–659 (2013)

  17. Feng, S.: Android software security and reverse analysis, 407 pages. Chap. 5 (2013)

  18. https://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053

  19. http://mota.baidu.com/index.php/page/industry/apprank/use

Acknowledgments

This work is sponsored by the National Key Research and Development Program of China (grant 2016YFB0800704), the NSFC (grants 61672410 and U1536202), the Project Supported by Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016ZDJC-06), the 111 project (grants B08038 and B16037), and Academy of Finland (grant No. 308087).

Author information

Correspondence to Zheng Yan.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Cheng, Y., Yan, Z. (2017). PerRec: A Permission Configuration Recommender System for Mobile Apps. In: Ibrahim, S., Choo, KK., Yan, Z., Pedrycz, W. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2017. Lecture Notes in Computer Science, vol 10393. Springer, Cham. https://doi.org/10.1007/978-3-319-65482-9_34

  • DOI: https://doi.org/10.1007/978-3-319-65482-9_34

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65481-2

  • Online ISBN: 978-3-319-65482-9

  • eBook Packages: Computer Science (R0)
