Attention: there is an inconsistency between android permissions and application metadata!
Abstract
Since mobile applications make our lives easier, there is a large number of mobile applications customized for our needs in the application markets. While the application markets provide us a platform for downloading applications, it is also used by malware developers in order to distribute their malicious applications. In Android, permissions are used to prevent users from installing applications that might violate the users’ privacy by raising their awareness. From the privacy and security point of view, if the functionality of applications is given in sufficient detail in their descriptions, then the requirement of requested permissions could be well-understood. This is defined as description-to-permission fidelity in the literature. In this study, we propose two novel models that address the inconsistencies between the application descriptions and the requested permissions. The proposed models are based on the current state-of-art neural architectures called attention mechanisms. Here, we aim to find the permission statement words or sentences in app descriptions by using the attention mechanism along with recurrent neural networks. The lack of such permission statements in application descriptions creates a suspicion. Hence, the proposed approach could assist in static analysis techniques in order to find suspicious apps and to prioritize apps for more resource intensive analysis techniques. The experimental results show that the proposed approach achieves high accuracy.Citation
Alecakir, H., Can, B. & Sen, S. (2021) Attention: there is an inconsistency between android permissions and application metadata!. International Journal of Information Security 20, 797–815. https://doi.org/10.1007/s10207-020-00536-1Publisher
Springer Science and Business Media LLCJournal
International Journal of Information SecurityAdditional Links
https://link.springer.com/article/10.1007/s10207-020-00536-1Type
Journal articleLanguage
enDescription
This is an accepted manuscript of an article published by Springer in International Journal of Information Security on 07/01/2021, available online: https://doi.org/10.1007/s10207-020-00536-1 The accepted version of the publication may differ from the final published version.ISSN
1615-5262EISSN
1615-5270ae974a485f413a2113503eed53cd6c53
10.1007/s10207-020-00536-1
Scopus Count
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/