• DocumentCode
    2984189
  • Title

    Mining Permission Request Patterns from Android and Facebook Applications

  • Author

    Frank, Michael ; Ben Dong ; Felt, Adrienne Porter ; Song, Dong

  • Author_Institution
    Univ. of California, Berkeley, Berkeley, CA, USA
  • fYear
    2012
  • fDate
    10-13 Dec. 2012
  • Firstpage
    870
  • Lastpage
    875
  • Abstract
    Android and Facebook provide third-party applications with access to users' private data and the ability to perform potentially sensitive operations (e.g., post to a user's wall or place phone calls). As a security measure, these platforms restrict applications' privileges with permission systems: users must approve the permissions requested by applications before the applications can make privacy- or security-relevant API calls. However, recent studies have shown that users often do not understand permission requests and are unsure of which permissions are typical for applications. As a first step towards simplifying permission systems, we cluster a corpus of 188,389 Android applications and 27,029 Facebook applications to find patterns in permission requests. Using a method for Boolean matrix factorization to find overlapping clusters of permissions, we find that Facebook permission requests follow a clear structure that can be fitted well with only five patterns, whereas Android applications demonstrate more complex permission requests. We also find that low-reputation applications often deviate from the permission request patterns that we identified for high-reputation applications, which suggests that permission request patterns can be indicative of user satisfaction or application quality.
  • Keywords
    Boolean algebra; application program interfaces; data mining; data privacy; matrix decomposition; operating systems (computers); social networking (online); Android; Boolean matrix factorization; Facebook; application quality; high-reputation application; low-reputation application; overlapping permission clusters; permission request pattern mining; permission system; privacy- or security-relevant API call; private data; security measure; third-party application; user satisfaction; Androids; Facebook; Hardware; Humanoid robots; Malware; Smart phones; Training; Android; Facebook; Permissions; Smartphones; Unsupervised learning; pattern mining;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Data Mining (ICDM), 2012 IEEE 12th International Conference on
  • Conference_Location
    Brussels
  • ISSN
    1550-4786
  • Print_ISBN
    978-1-4673-4649-8
  • Type

    conf

  • DOI
    10.1109/ICDM.2012.86
  • Filename
    6413840