Abstract

The Android architecture introduces to the application layer a permission-based access control model for restricting access to sensitive phone resources. In this model, access to Application Programming Interfaces (APIs) is protected through permissions defined by the Android OS. To use protected API methods, developers must declare the appropriate permissions in the application's manifest. The relation between a framework method and a permission can be found in Android's documentation. However, not only may the documentation accidentally lack information, but Android also features undocumented and hidden API methods. A major challenge for researchers today is therefore the accurate identification of the API method and permission pairs that compose the permission map for the Android framework. This paper introduces Dypermin, a transparent framework for compiling the Android permission map without requiring any modification to the underlying operating system. To achieve that, Dypermin capitalizes on intrinsic properties of the Android framework, namely security exceptions during runtime and the availability of any protected API method through the Android framework, as well as on the advantages of the Java reflection mechanism. Dypermin, in contrast to other related methods, validates itself because it relies on runtime information, meaning that it does not generate false positive map entries. Dypermin has been evaluated on different Android versions. The results have been compared with the respective results of other proposed methods in order to demonstrate Dypermin's efficacy for compiling the Android permission map for any given version.
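The idea the abstract describes, invoking methods through Java reflection and reading the permission out of the resulting security exception, can be shown on a plain JVM. This is an added example, not code from the paper or from Dypermin; the `FakeTelephony` class, its method names and its exception messages are constructed stand-ins for a framework class called without the permission granted. Only methods that actually fail with a `SecurityException` naming a permission get a map entry, so the unprotected method and the one failing for another reason are left out.

```java
import java.lang.reflect.Array;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PermissionMapProbe {
    // Constructed stand-in for a protected framework class (hypothetical names and messages).
    static class FakeTelephony {
        public String getDeviceId() { throw new SecurityException("Requires android.permission.READ_PHONE_STATE"); }
        public void sendText(String dest, String body) {
            throw new SecurityException("Neither user 10057 nor current process has android.permission.SEND_SMS.");
        }
        public int getPhoneType() { return 1; }  // unprotected: no map entry expected
        public void dial(String number) { throw new IllegalStateException("radio off"); }
    }
    private static final Pattern PERMISSION = Pattern.compile("android\\.permission\\.[A-Z_]+");

    // Placeholder argument: "" for String, the zero value for primitives, null otherwise.
    static Object dummy(Class<?> type) {
        return type == String.class ? "" : Array.get(Array.newInstance(type, 1), 0);
    }

    // Invoke every declared method; record an entry only when a SecurityException names a permission.
    static Map<String, String> probe(Object target) {
        Map<String, String> map = new TreeMap<>();
        for (Method m : target.getClass().getDeclaredMethods()) {
            Class<?>[] types = m.getParameterTypes();
            Object[] args = new Object[types.length];
            for (int i = 0; i < types.length; i++) args[i] = dummy(types[i]);
            try {
                m.setAccessible(true);
                m.invoke(target, args);
            } catch (InvocationTargetException e) {
                if (!(e.getCause() instanceof SecurityException)) continue; // other failure: no evidence
                Matcher found = PERMISSION.matcher(String.valueOf(e.getCause().getMessage()));
                if (found.find()) map.put(m.getName(), found.group());
            } catch (ReflectiveOperationException | RuntimeException e) {
                // Method could not be invoked at all; leave it out of the map.
            }
        }
        return map;
    }

    public static void main(String[] args) {
        probe(new FakeTelephony()).forEach((method, perm) -> System.out.println(method + " -> " + perm));
    }
}
```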
