Title :
Analysis of Android Applications' Permissions
Author :
Johnson, Ryan ; Wang, Zhaohui ; Gagnon, Corey ; Stavrou, Angelos
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
Abstract :
We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.
Keywords :
application program interfaces; mobile computing; operating systems (computers); program diagnostics; security of data; software engineering; API; APK bytecode; Android application permissions; Android application programming interface; Android market; detailed mapping; mobile software developers; security requirements; static analysis; Androids; Educational institutions; Humanoid robots; Java; Security; Smart phones; Software;
Conference_Title :
Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4673-2670-4
DOI :
10.1109/SERE-C.2012.44