How Dangerous Permissions are Described in Android Apps' Privacy Policies?

Baalous, Rawan; Poet, Ronald

doi:10.1145/3264437.3264477

Cited by 11 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The order of requested dangerous permissions is almost the same. Data transmission with external storage, get phone status information, access to the location and read contacts list are ordinary the most frequent dangerous permissions in these studies [12,13].…”

Section: Discussionmentioning

confidence: 99%

Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps

Naderi

Kiani

2020

Front Health Inform

View full text Add to dashboard Cite

Introduction: In this study, Persian Android mobile health (mhealth) applications were studied to describe usage of dangerous permissions in health related mobile applications. So the most frequently normal and dangerous permissions used in mhealth applications were reviewed.Materials and Methods: We wrote a PHP script to crawl information of Android apps in “health” and “medicine” categories from Cafebazaar app store. Then permission information of these application were extracted.Results: 11627 permissions from 3331 studied apps were obtained. There was at least one dangerous permission in 48% of reviewed apps. 41% of free applications, 53% of paid applications and 71% of in-purchase applications contained dangerous permissions. 1321 applications had writing permission to external storage of phone (40%), 1288 applications had access to read from external storage (39%), 422 applications could read contact list and ongoing calls (13%) and 188 applications were allowed to access phone location (5%).Conclusion: Most of Android permissions are harmless but significant number of the apps have at least one dangerous permission which increase the security risk. So paying attention to the permissions requested in the installation step is the best way to ensure that the application installed on your phone can only access what you want.

show abstract

Section: Discussionmentioning

confidence: 99%

Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps

Naderi

Kiani

2020

Front Health Inform

View full text Add to dashboard Cite

show abstract

“…e root source of code alteration and rebranding assaults is eliminated with this strategy. Another study is presented with documents the vocabulary used in Android app privacy policies to characterize the use of potentially harmful permissions [70]. e semi-automated approach uses NLP and IE approaches to link privacy policies' terminology to dangerous Android permissions.…”

Section: Analyzing the Existing State-of-the-art Research Work Based On Popular Librariesmentioning

confidence: 99%

Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

Nazir

Deng

2021

Mobile Information Systems

View full text Add to dashboard Cite

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

show abstract

“…This is captured by the "geolocation information" governor dependent pair. Furthermore, the study in Baalous and Poet (2018) showed how dangerous permissions are described in Android App's privacy policies. For example, their study showed that privacy policies often use the terms: "address book" and "device's phonebook" to describe that they are using the "Contacts" permissions.…”

Section: Sources Of App Textual Descriptionsmentioning

confidence: 99%

Security-oriented view of app behaviour using textual descriptions and user-granted permission requests

Olukoya

Mackenzie

Omoronyia

2020

Computers & Security

View full text Add to dashboard Cite

One of the major Android security mechanisms for enforcing restrictions on the core facilities of a device that an app can access is permission control. However, there is an enormous amount of risk with regards to granting permissions since 97% of malicious mobile malware targets Android. As malware is becoming more complicated, recent research proposed a promising approach that checks implemented app behaviour against advertised app behaviour for inconsistencies. In this paper, we investigate such inconsistencies by matching the permission an app requests with the natural language descriptions of the app which gives an intuitive idea of user expected behaviour of the app. Then, we propose exploiting an enhanced app description to improve malware detection based on app descriptions and permissions. To evaluate the performance, we carried out various experiments with 56K apks. Our proposed enhancement reduces the false positives of the state-of-the-art approaches, Whyper, AutoCog, CHABADA by at least 87%, and TAPVerifier by at least 57%. We proposed a novel approach for evaluating the robustness of textual descriptions for permission-based malware detection. Our experimental results demonstrate a high detection recall rate of 98.72% on 71 up-to-date malware families and a precision of 90% on obfuscated samples of benign and malware apks. Our results also show that analysing sensitive permissions requested and UI textual descriptions provides a promising avenue for sustainable Android malware detection.

show abstract

How Dangerous Permissions are Described in Android Apps' Privacy Policies?

Cited by 11 publications

References 5 publications

Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps

Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps

Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

Security-oriented view of app behaviour using textual descriptions and user-granted permission requests

Contact Info

Product

Resources

About