Permlyzer: Analyzing permission usage in Android applications

Wei Xu; Fangfang Zhang; Sencun Zhu

doi:10.1109/ISSRE.2013.6698893

Permlyzer: Analyzing permission usage in Android applications

Wei Xu, Fangfang Zhang, Sencun Zhu

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

54 Scopus citations

Abstract

As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potential risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information of the permission uses from various aspects include location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

Original language	English (US)
Title of host publication	2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
Pages	400-410
Number of pages	11
DOIs	https://doi.org/10.1109/ISSRE.2013.6698893
State	Published - 2013
Event	2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 - Pasadena, CA, United States Duration: Nov 4 2013 → Nov 7 2013

Publication series

Name	2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

Other

Other	2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
Country/Territory	United States
City	Pasadena, CA
Period	11/4/13 → 11/7/13

All Science Journal Classification (ASJC) codes

Software

Access to Document

10.1109/ISSRE.2013.6698893

Cite this

@inproceedings{02f808ae95bd4ae7b3102bd0d02ce5b9,

title = "Permlyzer: Analyzing permission usage in Android applications",

abstract = "As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potential risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information of the permission uses from various aspects include location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.",

author = "Wei Xu and Fangfang Zhang and Sencun Zhu",

note = "Copyright: Copyright 2014 Elsevier B.V., All rights reserved.; 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 ; Conference date: 04-11-2013 Through 07-11-2013",

year = "2013",

doi = "10.1109/ISSRE.2013.6698893",

language = "English (US)",

isbn = "9781479923663",

series = "2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013",

pages = "400--410",

booktitle = "2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013",

}

Xu, W, Zhang, F & Zhu, S 2013, Permlyzer: Analyzing permission usage in Android applications. in 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013., 6698893, 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013, pp. 400-410, 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013, Pasadena, CA, United States, 11/4/13. https://doi.org/10.1109/ISSRE.2013.6698893

Permlyzer: Analyzing permission usage in Android applications. / Xu, Wei; Zhang, Fangfang; Zhu, Sencun.
2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013. 2013. p. 400-410 6698893 (2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Permlyzer

T2 - 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

AU - Xu, Wei

AU - Zhang, Fangfang

AU - Zhu, Sencun

PY - 2013

Y1 - 2013

N2 - As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potential risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information of the permission uses from various aspects include location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

AB - As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potential risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information of the permission uses from various aspects include location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

UR - http://www.scopus.com/inward/record.url?scp=84893330207&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84893330207&partnerID=8YFLogxK

U2 - 10.1109/ISSRE.2013.6698893

DO - 10.1109/ISSRE.2013.6698893

M3 - Conference contribution

AN - SCOPUS:84893330207

SN - 9781479923663

T3 - 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

SP - 400

EP - 410

BT - 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

Y2 - 4 November 2013 through 7 November 2013

ER -

Permlyzer: Analyzing permission usage in Android applications

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this