SCIENCE CHINA Information Sciences, Volume 60, Issue 9: 092110(2017) https://doi.org/10.1007/s11432-016-9072-3

## Automated Android application permission recommendation

David LO², Xin XIA¹,³,*
• Accepted Apr 18, 2017
• Published Jul 28, 2017

### Abstract

The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-$k$ results over the baseline approach.
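The collaborative filtering intuition in the abstract, as an added sketch that is not the paper's ${\rm APRec}^{\rm CF}$ implementation: permissions are recommended from the apps whose API sets are closest to the target's, and declared permissions that no similar app uses are listed for review. Jaccard similarity, similarity-weighted voting, the function names, and the small app corpus are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample corpus: app name -> (APIs called, permissions declared).
CORPUS = {
    "weather": ({"LocationManager.getLastKnownLocation", "HttpURLConnection.connect",
                 "ConnectivityManager.getActiveNetworkInfo"},
                {"ACCESS_FINE_LOCATION", "INTERNET", "ACCESS_NETWORK_STATE"}),
    "tracker": ({"LocationManager.getLastKnownLocation", "HttpURLConnection.connect"},
                {"ACCESS_FINE_LOCATION", "INTERNET"}),
    "scanner": ({"Camera.open", "Vibrator.vibrate"}, {"CAMERA", "VIBRATE"}),
    "recorder": ({"MediaRecorder.start", "Camera.open"}, {"RECORD_AUDIO", "CAMERA"}),
}

def jaccard(a, b):
    """Set overlap in [0, 1]; the choice of similarity measure is an assumption."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def score_permissions(target_apis, corpus, n_neighbors=3):
    """Similarity-weighted vote over the nearest neighbours' permissions."""
    sims = sorted(((jaccard(target_apis, apis), name)
                   for name, (apis, _) in corpus.items()),
                  key=lambda t: (-t[0], t[1]))
    scores = defaultdict(float)
    for sim, name in sims[:n_neighbors]:
        if sim > 0:  # an app sharing no API carries no evidence
            for perm in corpus[name][1]:
                scores[perm] += sim
    return dict(scores)

def recommend(scores, k):
    """Top-k permissions; ties are broken alphabetically for determinism."""
    return sorted(scores, key=lambda p: (-scores[p], p))[:k]

def precision_recall(recommended, declared):
    """Precision and recall of a top-k list against the declared permissions."""
    hits = len(set(recommended) & set(declared))
    precision = hits / len(recommended) if recommended else 0.0
    return precision, (hits / len(declared) if declared else 0.0)

def unsupported(declared, scores):
    """Declared permissions that no similar app uses: candidates for review."""
    return sorted(set(declared) - set(scores))

# Constructed target app.
TARGET_APIS = {"LocationManager.getLastKnownLocation", "HttpURLConnection.connect",
               "Vibrator.vibrate"}
TARGET_DECLARED = {"ACCESS_FINE_LOCATION", "INTERNET", "VIBRATE", "READ_CONTACTS"}
```

On this constructed data the top-3 list covers the location and network permissions, while `READ_CONTACTS` receives no support from any neighbour and is the one a reviewer would question.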

### Acknowledgment

This work was supported by National Natural Science Foundation of China (Grant Nos. 61602403, 61572426), and National Key Technology R&D Program of the Ministry of Science and Technology of China (Grant No. 2015BAH17F01).

• Figure 1

Example of a readme file of an app.

• Figure 2

The framework of ${\rm APRec}^{\rm RULE}$.

• Figure 3

The framework of ${\rm APRec}^{\rm CF}$.

• Figure 4

The framework of ${\rm APRec}^{\rm TEXT}$.

• Figure 5

(Color online) The results of (a) top (1–10) precision, (b) recall, and (c) F1-score.

• Figure 6

(Color online) (a) F1-score@5, (b) F1-score@10, and (c) MAP for $N$-Fold cross-validation.

• Figure 7

(Color online) (a) F1-score@5, (b) F1-score@10, and (c) MAP results for different numbers of the nearest neighbors.


Copyright 2019 Science China Press Co., Ltd. All rights reserved.