WHYPER: Towards automating risk assessment of mobile applications

Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, Tao Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer, what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication for why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8%, and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently-used security and privacy sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.

Original language: English (US)
Title of host publication: Proceedings of the 22nd USENIX Security Symposium
Publisher: USENIX Association
Pages: 527-542
Number of pages: 16
ISBN (Electronic): 9781931971034
State: Published - 2013
Externally published: Yes
Event: 22nd USENIX Security Symposium - Washington, United States
Duration: Aug 14 2013 - Aug 16 2013

Publication series

Name: Proceedings of the 22nd USENIX Security Symposium

Conference

Conference: 22nd USENIX Security Symposium
Country: United States
City: Washington
Period: 8/14/13 - 8/16/13

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality
