Analysis of Android Applications' Permissions

Authors: Ryan Johnson, Zhaohui Wang, Corey Gagnon, Angelos Stavrou

DOI: 10.1109/SERE-C.2012.44

Keywords: Computer science, Java, Permission, Static analysis, Android application, Operating system, Mobile computing, Software, Bytecode, Android (operating system)

Abstract: We developed an architecture that automatically searches for and downloads Android applications from the Market. Furthermore, we created a detailed mapping of application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 applications to determine whether they have the appropriate set of permissions, based on static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and either over-specify or under-specify their security requirements.
