Permlyzer

Analyzing permission usage in Android applications

Wei Xu, Fangfang Zhang, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

37 Citations (Scopus)

Abstract

As one of the most popular mobile platforms, the Android system implements an install-time permission mechanism to provide users with an opportunity to deny potentially risky permissions requested by an application. In order for both users and application vendors to make informed decisions, we designed and built Permlyzer, a general-purpose framework to automatically analyze the uses of requested permissions in Android applications. Permlyzer leverages the combination of runtime analysis and static examination to perform an accurate and in-depth analysis. The call stack-based analysis in Permlyzer can provide fine-grained information about the permission uses from various aspects, including location, cause and purpose. More importantly, Permlyzer can automatically explore the functionality of an application and analyze the permission uses. Our evaluation using 51 malware/spyware families and over 110,000 Android applications demonstrates that Permlyzer can provide detailed permission use analysis and discover the characteristics of the permission uses in both benign and malicious applications.

Original language: English (US)
Title of host publication: 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
Pages: 400-410
Number of pages: 11
DOIs: https://doi.org/10.1109/ISSRE.2013.6698893
State: Published - Dec 1 2013
Event: 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 - Pasadena, CA, United States
Duration: Nov 4 2013 to Nov 7 2013

Publication series

Name: 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013

Other

Other: 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013
Country: United States
City: Pasadena, CA
Period: 11/4/13 to 11/7/13

Fingerprint

Malware

All Science Journal Classification (ASJC) codes

  • Software

Cite this

Xu, W., Zhang, F., & Zhu, S. (2013). Permlyzer: Analyzing permission usage in Android applications. In 2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013 (pp. 400-410). [6698893] (2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013). https://doi.org/10.1109/ISSRE.2013.6698893
@inproceedings{02f808ae95bd4ae7b3102bd0d02ce5b9,
title = "Permlyzer: Analyzing permission usage in Android applications",
author = "Wei Xu and Fangfang Zhang and Sencun Zhu",
year = "2013",
month = "12",
day = "1",
doi = "10.1109/ISSRE.2013.6698893",
language = "English (US)",
isbn = "9781479923663",
series = "2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013",
pages = "400--410",
booktitle = "2013 IEEE 24th International Symposium on Software Reliability Engineering, ISSRE 2013",

}
