
An Automated Permission Selection Framework for Android Platform

Journal of Grid Computing

Abstract

Enhancements to Android security frameworks have been a focal point of the research community in the past few years due to Android’s growing popularity. The Android permission framework plays a vital role in identifying the malicious behavior of an application. Most malware utilizes the wrong permission, given by an application that exploits device security and privacy. The focus should be on managing the permissions given to an application at the very beginning, when the application is installed. However, the solutions given so far are user-centric: the user needs to decide whether a permission should be given or not. A novice user usually ignores the warnings shown during installation of an app or when accessing a resource. In this research, we introduce an enhanced Android permission framework that automatically decides for the user which permissions should be given to an application at installation or, in the newer Android versions, when resources are accessed. We generated a large dataset of permissions and their ratings to build a machine learning model. Finally, an incorporated machine learning model automatically decides on behalf of a user which permissions should be given to the user. Our results show high accuracy in the auto-selection of suggested permissions for the end user.




Corresponding author

Correspondence to Toqeer Ali.


Cite this article

Ali, T., Khan, Y., Ali, T. et al. An Automated Permission Selection Framework for Android Platform. J Grid Computing 18, 547–561 (2020). https://doi.org/10.1007/s10723-018-9455-1


  • DOI: https://doi.org/10.1007/s10723-018-9455-1
