Permission recommender system for Android

There are 1.4 billion Android devices around the globe. With so many users and apps comes the question of privacy and security. Some permissions are critical to the operation of any app. A system is required which can tell whether an app X should be given a permission Y. Our basic idea is that an app belonging to a particular category should request the permissions most common in that category. Around 130 users contributed to our dataset, which had over 3964 records and 830 unique apps in 39 categories. A voting measure based on the statistical mean value was used to decide the permissions to be given to a particular app.

Project status: Published/In Market

Mobile

Overview / Usage

Breach of security or privacy by Android apps due to misuse of the permissions granted to them is a common occurrence. In this paper, we presented a solution in which the user is advised which permissions they should give to a particular app. We did this by categorizing the apps in the Google Play Store and identifying the minimum permissions that a category requires. Using this approach, we were able to identify apps that take permissions that may compromise user privacy. On the application level, we implemented a data collector app for effective collection of data and a user-facing app for recommending the permissions. We presented several examples of apps and permissions which validated our system.

Methodology / Approach

Google Play Store sorts apps into categories like Sports, Arcade, Education, Travel & Local etc. These categories are specified by the developer while deploying the app to the Play Store. We used the category information to create clusters of apps. Simply speaking, apps belonging to the same category were in the same cluster. Given the dangerous permissions that the apps in each category had, we created a vector of dangerous permissions which would represent a category and which would contain the smallest set of dangerous permissions required for the functioning of apps in that category. Comparing this vector with each app in a category tells how much that app deviates from the base, i.e. which dangerous permissions the app requests that are not required for it to do the basic work it is intended to do.

We developed an app which would scrape the list of all installed apps on the user's phone and upload it to our Google Sheets. The app takes no permission except the mandatory INTERNET permission, which is not a dangerous permission. The app uses the PackageManager class to get a list of all installed packages. To get the category information of an app, we parsed the Google Play Store web page in our app using the open source library Jsoup.

Analyzing the data to create a recommendation matrix is a critical part of the entire process. Clustering users based on the permissions they give to an app was the initial experiment we conducted. The permissions granted by a user to an app were collected. From these permissions, we assigned a category to each user based on the apps he'd rated. However, this process didn't work out, as it's not true that a user who gives fewer permissions to an app is always more technically sound than a user who gives more permissions. An item-item based recommendation approach suited our problem better. In this approach, the similarity or the lack of it between the apps allowed us to generate the permissions that should not be given to an app for normal functioning. We used the NumPy and pandas libraries to explore the database.

The front end of our system is an app that recommends to the user whether or not to grant a specific permission to a specific app. There are three scenarios which we have taken care of while recommending the permission:

(i) When the app that the user has installed is in our recommendation matrix, we show the app name and the permissions they shouldn't give to that app.
(ii) If the app doesn't request any non-essential permission (i.e. there are all 0's in the row corresponding to the app), we show the user that the app is safe to use.
(iii) When the app that the user has installed is not in our database, we simply report this to the user.
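
The pipeline described above, from per-category baseline to the three front-end scenarios, as an added example in Python (not the project's own code). The package names and records are constructed, and the 0.5 cut-off for the mean-based vote is an assumption, since the page does not state the threshold used.

```python
from collections import defaultdict

# Constructed sample data: (app, Play Store category, dangerous permissions requested).
RECORDS = [
    ("com.example.notes",   "Productivity",   {"READ_EXTERNAL_STORAGE"}),
    ("com.example.todo",    "Productivity",   {"READ_EXTERNAL_STORAGE"}),
    ("com.example.planner", "Productivity",   {"READ_EXTERNAL_STORAGE", "READ_CONTACTS", "RECORD_AUDIO"}),
    ("com.example.maps",    "Travel & Local", {"ACCESS_FINE_LOCATION"}),
    ("com.example.taxi",    "Travel & Local", {"ACCESS_FINE_LOCATION", "READ_SMS"}),
    ("com.example.hotels",  "Travel & Local", {"ACCESS_FINE_LOCATION"}),
]
PERMS = sorted({p for _, _, perms in RECORDS for p in perms})  # matrix column order

def category_baselines(records, threshold=0.5):
    """Per category, keep permissions whose mean request rate reaches the threshold."""
    by_cat = defaultdict(list)
    for _, cat, perms in records:
        by_cat[cat].append(perms)
    return {
        cat: {p for p in PERMS if sum(p in a for a in apps) / len(apps) >= threshold}
        for cat, apps in by_cat.items()
    }

def recommendation_matrix(records, threshold=0.5):
    """One row per app; 1 marks a requested permission outside the category baseline."""
    base = category_baselines(records, threshold)
    return {
        app: [int(p in perms and p not in base[cat]) for p in PERMS]
        for app, cat, perms in records
    }

def recommend(app, matrix):
    """The three front-end scenarios: flagged permissions, all zeros, unknown app."""
    if app not in matrix:
        return "App is not in the database."
    flagged = [p for p, bit in zip(PERMS, matrix[app]) if bit]
    if not flagged:
        return "App is safe to use."
    return "Do not grant: " + ", ".join(flagged)

if __name__ == "__main__":
    m = recommendation_matrix(RECORDS)
    for name in ("com.example.planner", "com.example.maps", "com.example.unknown"):
        print(name, "->", recommend(name, m))
```

With a small category a single over-requesting app can pull a permission into the baseline, so the threshold and the minimum number of apps per category both need tuning against real data.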

Technologies Used

Android Studio, Google PlayStore APIs, Jupyter Notebook, Python, Java, Jsoup, Numpy, Pandas
