Abstract
Mobile app descriptions have been widely used in app markets to deliver various types of information to end-users. Even though this information may implicitly expose the dangerous permissions that allow access to sensitive data, most users cannot correctly identify and interpret the corresponding textual sentences owing to insufficient knowledge regarding Android permissions and the semantics of app descriptions. It is therefore important to assist users in understanding whether an app description accurately reflects whether the app may request dangerous permissions. To this end, we propose an approach named Fidelity Calculation for Description-to-Permissions (FCDP). It is aimed at assisting app-market auditors in assessing whether an app description indicates all information related to dangerous permissions using a quantified fidelity for providing a high-quality description to mobile users. Furthermore, we experimentally investigate the effect of different factors on FCDP, and we demonstrate that FCDP outperforms the state-of-the-art method by over 3.65% in predicting description-to-permissions. By using 64,265 Android descriptions crawled from Google Play, our in-depth analysis further indicates that most app descriptions do not entirely disclose the semantics of dangerous permissions for mobile users in the wild. It is therefore quite urgent to assist app-market auditors in regulating description writing in this regard.
Highlights
Android has become the most popular mobile operating system, with a 70.68% share of the global market in April 2020 [1].
Google Play has issued a simple policy for writing app descriptions, which includes disclosing the usage of dangerous permissions [9].
To evaluate the effectiveness of FCDP in predicting permissions from app descriptions, we compared it with the following deep learning models: AC-Net [36], Bi-Long Short-Term Memory (LSTM), Convolutional Neural Networks for text classification [48], Hierarchical Attention Networks (HAN) [24] and Recurrent Convolutional Neural Networks (RCNN) [49].
Summary
Android has become the most popular mobile operating system, with a 70.68% share of the global market in April 2020 [1]. To protect sensitive user information, Android provides a mechanism that enables end-users to grant or deny permission when a request is received. In order to assist end-users in understanding whether the dangerous permissions are imperative for their demands based on app descriptions, it is necessary to develop guidelines for writing appropriate app descriptions. Google Play has issued a simple policy for writing app descriptions, which includes disclosing the usage of dangerous permissions [9]. App descriptions may not disclose all information regarding dangerous permissions. To address these issues, we propose Fidelity Calculation for Description-to-Permissions (FCDP) to predict the permissions that may be requested by an app based on textual descriptions, and to quantify the fidelity of these descriptions-to-permissions. It enables auditors to provide appropriate feedback to app developers for modification based on fidelity until all usages of PSI are adequately presented in app descriptions.