Android应用程序权限分析

2012 IEEE Sixth International Conference on Software Security and Reliability Companion Pub Date : 2012-06-20 DOI:10.1109/SERE-C.2012.44

Ryan V. Johnson, Zhaohui Wang, Corey Gagnon, A. Stavrou

{"title":"Android应用程序权限分析","authors":"Ryan V. Johnson, Zhaohui Wang, Corey Gagnon, A. Stavrou","doi":"10.1109/SERE-C.2012.44","DOIUrl":null,"url":null,"abstract":"We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"63","resultStr":"{\"title\":\"Analysis of Android Applications' Permissions\",\"authors\":\"Ryan V. Johnson, Zhaohui Wang, Corey Gagnon, A. Stavrou\",\"doi\":\"10.1109/SERE-C.2012.44\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.\",\"PeriodicalId\":403736,\"journal\":{\"name\":\"2012 IEEE Sixth International Conference on Software Security and Reliability Companion\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"63\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE Sixth International Conference on Software Security and Reliability Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2012.44\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2012.44","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 63

摘要

我们开发了一个架构，可以自动从Android Market搜索和下载Android应用程序。此外，我们为每个调用创建了Android应用程序编程接口(API)调用到所需权限(如果有的话)的详细映射。然后，我们对141,372个Android应用程序进行了分析，以确定它们是否具有基于每个应用程序的APK字节码的静态分析的适当权限集。我们的调查结果表明，大多数移动软件开发人员没有使用正确的权限集，他们要么过度指定，要么没有充分指定他们的安全需求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis of Android Applications' Permissions

We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE Sixth International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量