PERUIM: understanding mobile application privacy with permission-UI mapping

Abstract

Current mobile operating systems such as Android employ the permission-based access control mechanism, but it is difficult for users to understand how and why the permissions are used within a particular application. This paper introduces permission-UI mapping as an easy-to-understand representation to illustrate how permissions are used by different UI components within a given application. Connecting UI components to permissions helps users to understand the purpose of permission requests and also makes it possible to illustrate permission requests in a fine-grained manner. We propose PERUIM to extract the permission-UI mapping from an application based on both dynamic and static analysis, and represent the analysis results with a graphical representation. Experiments on popular mobile applications demonstrate the accuracy and applicability of the proposed approach.