Permlyzer: Analyzing permission usage in Android applications

Wei Xu, Fangfang Zhang, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

38 Scopus citations

Abstract

As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potential risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information of the permission uses from various aspects include location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

Original languageEnglish (US)
Title of host publication2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
Pages400-410
Number of pages11
DOIs
StatePublished - Dec 1 2013
Event2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 - Pasadena, CA, United States
Duration: Nov 4 2013Nov 7 2013

Publication series

Name2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

Other

Other2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
CountryUnited States
CityPasadena, CA
Period11/4/1311/7/13

All Science Journal Classification (ASJC) codes

  • Software

Fingerprint Dive into the research topics of 'Permlyzer: Analyzing permission usage in Android applications'. Together they form a unique fingerprint.

  • Cite this

    Xu, W., Zhang, F., & Zhu, S. (2013). Permlyzer: Analyzing permission usage in Android applications. In 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 (pp. 400-410). [6698893] (2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013). https://doi.org/10.1109/ISSRE.2013.6698893