Dude, ask the experts!: Android resource access permission recommendation with RecDroid

With the exponential growth of smartphone apps, it is prohibitive for apps market places, such as Google App Store for example, to thoroughly verify if an app is legitimate or malicious. As a result, mobile users are left to decide for themselves whether an app is safe to use. Even worse, recent studies have shown that most apps in markets request to collect data irrelevant to the main functions of the apps, which could cause leaking of private information or inefficient use of mobile resources. To assist users to make a right decision as for whether a permission request should be accepted, we propose RecDroid. RecDroid is a crowdsourcing recommendation framework that collects apps´ permission requests and users´ permission responses, from which a ranking algorithm is used to evaluate the expertise level of users and a voting algorithm is used to compute an appropriate response to the permission request (accept or reject). To bootstrap the recommendation system, RecDroid relies on a small set of seed expert users that could make reliable recommendations for a small set of application. Our evaluation results show that RecDroid can provide high accuracy and satisfying coverage with careful selection of parameters. The results also show that a small coverage from seed experts is sufficient for RecDroid to cover the majority of the app requests.