Alexandre Bartel   Home   Publications   Students   Service   Teaching   Contact

Android Permission Map

Original Conference Paper

The journal paper is an extension of the following ASE 2012 conference paper.

Abstract: In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a "permission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.

• A. Bartel, J. Klein, M. Monperrus, Y. Le Traon: Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android, in the IEEE/ACM International Conference on Automated Software Engineering, ASE '12, Sep. 2012, Essen, Germany. [bib] [pdf]

Experiments Data

Entry Points

Each class of the Android API has methods. To ease the analysis, a wrapper class W is created for each class C of the API. Each wrapper contains one method which creates an object o of type C and calls all methods from class C on object o. What we call entry point is a couple wrapper, method. The original API class is identified by its wrapper method signature. The method is identified by the signature from its declaring class. For instance, for the following entry point: 

<Wrapper_android_app_AlertDialog: void test_android_app_AlertDialog()> -> <android.app.Dialog: android.app.ActionBar getActionBar()>

the class is identified by:

<Wrapper_android_app_AlertDialog: void test_android_app_AlertDialog()>

(the original class is android.app.AlertDialog) and the method by: 

<android.app.Dialog: android.app.ActionBar getActionBar()>

This entry point corresponds to the method getActionBar defined in class android.app.Dialog called from an object of type android.app.AlertDialog. The 'real' method signature would be: 

<android.app.AlertDialog: android.app.ActionBar getActionBar()>

Android 4.0.1 API Map

• [CHA-Naive map]

• [CHA-Android map]

• [Spark-Android map]

Android "android-m-preview-patch" Map

• [Spark-Android map]