Identification of Possibly Intemperate Permission Demands in Android Apps

P. Tiwari, Srinivasa Reddy Basireddy, Velayutham T
2022 2nd International Conference on Innovative Practices in Technology and Management (ICIPTM), pp. 101-106. Published 2022-02-23. DOI: 10.1109/iciptm54933.2022.9753830 (https://doi.org/10.1109/iciptm54933.2022.9753830)
Citations: 2

Abstract

There are millions of Android applications being developed for smartphones and tablets. These apps are collecting enormous amounts of private data, compromising users' privacy. Researchers have tried to identify the difference between 'requested permissions' and 'used permissions', as some apps ask for a permission but may use it for stealing user data. Android has put in place a system of asking for the user's consent for certain permissions, but users have been found negligent in granting those permissions. For example, a note-taking app may take the user's location data and send it to its server. As long as the app has requested the user's consent and the user has granted the permission, the state-of-the-art system will consider it benign. In this paper, we will try to identify and answer the question, 'are these permissions really necessary for the app?'. There are thousands of applications hosted on the Play Store providing the same functionality, and for providing the same facility, different apps ask for a different set of permissions. It is not easy to understand whether the permissions are really used in the application. We are going to utilize a different approach by comparing and comprehending the app against its peers in the Play Store. We will analyze peer apps in the same category and with similar functionality for the permission difference. If the same functionality is achieved with a lesser number of permissions, the app is considered to be malicious and will require further investigation. With this approach, we designed a statistical approach to evaluate an app for excessive permission requests. Experimental results and case studies have shown that this approach is effective in identifying malicious apps.
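The peer comparison the abstract describes can be sketched as follows. This is an added example, not the authors' code: the page does not give the paper's statistic, so the peer-frequency threshold (`rare_below`), the permission-count z-score and its cutoff (`z_cutoff`), and all app names and permission sets are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import pstdev

# Constructed sample: requested permissions of five note-taking apps in one
# store category ("android.permission." prefix omitted). App names are made up.
PEERS = {
    "notes.alpha": {"INTERNET", "WRITE_EXTERNAL_STORAGE"},
    "notes.beta": {"INTERNET", "WRITE_EXTERNAL_STORAGE", "RECORD_AUDIO"},
    "notes.gamma": {"INTERNET"},
    "notes.delta": {"INTERNET", "WRITE_EXTERNAL_STORAGE", "CAMERA"},
    "notes.epsilon": {"INTERNET", "WRITE_EXTERNAL_STORAGE"},
}
# Constructed target: a note-taking app that also asks for location and contacts.
TARGET = {"INTERNET", "WRITE_EXTERNAL_STORAGE", "ACCESS_FINE_LOCATION", "READ_CONTACTS"}

def peer_frequency(peers):
    """Fraction of peer apps that request each permission."""
    counts = Counter(p for perms in peers.values() for p in perms)
    return {perm: n / len(peers) for perm, n in counts.items()}

def excess_permissions(target, peers, rare_below=0.2):
    """Permissions the target requests that fewer than rare_below of peers request."""
    freq = peer_frequency(peers)
    return sorted(p for p in target if freq.get(p, 0.0) < rare_below)

def count_zscore(target, peers):
    """How far the target's permission count sits from the peer mean, in std devs."""
    sizes = [len(perms) for perms in peers.values()]
    avg, spread = sum(sizes) / len(sizes), pstdev(sizes)
    if spread == 0:  # every peer requests the same number of permissions
        diff = len(target) - avg
        return 0.0 if diff == 0 else float("inf") if diff > 0 else float("-inf")
    return (len(target) - avg) / spread

def assess(target, peers, rare_below=0.2, z_cutoff=2.0):
    """Flag an app for manual review; a flag is a lead, not a verdict."""
    if not peers:
        raise ValueError("need at least one peer app to compare against")
    excess = excess_permissions(target, peers, rare_below)
    z = count_zscore(target, peers)
    return {"excess": excess, "z": round(z, 2),
            "needs_review": bool(excess) or z > z_cutoff}

if __name__ == "__main__":
    print(assess(TARGET, PEERS))
```

The quality of the result depends on the peer set: apps grouped only by store category can differ in real functionality, so a flagged permission should be checked against the app's documented features before drawing conclusions.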