research-article

How do apps evolve in their permission requests?: a preliminary study

Authors:

Paolo Calciati,

Alessandra GorlaAuthors Info & Claims

MSR '17: Proceedings of the 14th International Conference on Mining Software Repositories

Pages 37 - 41

https://doi.org/10.1109/MSR.2017.64

Published: 20 May 2017 Publication History

Get Access

Abstract

We present a preliminary study to understand how apps evolve in their permission requests across different releases. We analyze over 14K releases of 227 Android apps, and we see how permission requests change and how they are used. We find that apps tend to request more permissions in their evolution, and many of the newly requested permissions are initially overprivileged. Our qualitative analysis, however, shows that the results that popular tools report on overprivileged apps may be biased by incomplete information or by other factors. Finally, we observe that when apps no longer request a permission, it does not necessarily mean that the new release offers less in terms of functionalities.

References

[1]

K. Allix, T. F. Bissyandé, Q. Jérome, J. Klein, R. State, and Y. L. Traon. Empirical assessment of machine learning-based malware detectors for android - measuring the gap between in-the-lab and in-the-wild validation scenarios. Empirical Software Engineering, 21(1):183--211, 2016.

Digital Library

Google Scholar

[2]

K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon. AndroZoo: Collecting millions of android apps for the research community. In Proceedings of the 13th International Conference on Mining Software Repositories, MSR '16, pages 468--471, New York, NY, USA, 2016. ACM.

Digital Library

Google Scholar

[3]

K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. PScout: analyzing the Android permission specification. In Proceedings of the 19th Conference on Computer and Communications Security (CCS), pages 217--228, New York, NY, USA, 2012. ACM.

Digital Library

Google Scholar

[4]

A. Bartel, J. Klein, M. Monperrus, and Y. Le Traon. Automatically securing permission-based software by reducing the attack surface: An application to Android. pages 274--277, 2012.

Digital Library

Google Scholar

[5]

A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th Conference on Computer and Communications Security (CCS), pages 627--638, New York, NY, USA, 2011. ACM.

Digital Library

Google Scholar

[6]

D. E. Krutz, M. Mirakhorli, S. A. Malachowsky, A. Ruiz, J. Peterson, A. Filipski, and J. Smith. A dataset of open-source android applications. In Proceedings of the 12th Working Conference on Mining Software Repositories, MSR '15, pages 522--525, Piscataway, NJ, USA, 2015. IEEE Press.

Digital Library

Google Scholar

[7]

Y. Y. Ng, H. Zhou, Z. Ji, H. Luo, and Y. Dong. Which android app store can be trusted in china? In Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference, COMPSAC '14, pages 509--518, Washington, DC, USA, 2014. IEEE Computer Society.

Digital Library

Google Scholar

[8]

V. F. Taylor and I. Martinovic. A longitudinal study of app permission usage across the google play store. CoRR, abs/1606.01708, 2016.

Google Scholar

[9]

X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Permission evolution in the android ecosystem. In Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12, pages 31--40, New York, NY, USA, 2012. ACM.

Digital Library

Google Scholar

[10]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In NDSS. The Internet Society, 2012.

Google Scholar

Cited By

View all

Alecci MJiménez PAllix KBissyandé TKlein JSpinellis DConstantinou EBacchelli A(2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644863
Chen XChen WLiu KChen CLi LHung CHong JBechini ASong E(2021)A comparative study of smartphone and smartwatch appsProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442023(1484-1493)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442023
Mateus BMartinez M(2020)On the adoption, usage and evolution of Kotlin features in Android developmentProceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)10.1145/3382494.3410676(1-12)Online publication date: 5-Oct-2020
https://dl.acm.org/doi/10.1145/3382494.3410676
Show More Cited By

Recommendations

Reducing Permission Requests in Mobile Apps
IMC '19: Proceedings of the Internet Measurement Conference

Users of mobile apps sometimes express discomfort or concerns with what they see as unnecessary or intrusive permission requests by certain apps. However encouraging mobile app developers to request fewer permissions is challenging because there are ...
Vetting undesirable behaviors in android apps with permission use analysis
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent ...
Permission Use Analysis for Vetting Undesirable Behaviors in Android Apps

The android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

MSR '17: Proceedings of the 14th International Conference on Mining Software Repositories

May 2017

567 pages

ISBN:9781538615447

General Chair:
Jesus M. Gonzalez-Barahona
Universidad Rey Juan Carlos
,
Program Chairs:
Abram Hindle
University of Alberta
,
Lin Tan
University of Waterloo

Publisher

IEEE Press

Publication History

Published: 20 May 2017

Check for updates

Qualifiers

Research-article

Conference

ICSE '17

Sponsor:

SIGSOFT
IEEE-CS
SADIO

ICSE '17: 39th International Conference on Software Engineering

May 20 - 28, 2017

Buenos Aires, Argentina

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
116
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Alecci MJiménez PAllix KBissyandé TKlein JSpinellis DConstantinou EBacchelli A(2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644863
Chen XChen WLiu KChen CLi LHung CHong JBechini ASong E(2021)A comparative study of smartphone and smartwatch appsProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442023(1484-1493)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442023
Mateus BMartinez M(2020)On the adoption, usage and evolution of Kotlin features in Android developmentProceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)10.1145/3382494.3410676(1-12)Online publication date: 5-Oct-2020
https://dl.acm.org/doi/10.1145/3382494.3410676
Calciati PKuznetsov KGorla AZeller A(2020)Automatically Granted Permissions in Android appsProceedings of the 17th International Conference on Mining Software Repositories10.1145/3379597.3387469(114-124)Online publication date: 29-Jun-2020
https://dl.acm.org/doi/10.1145/3379597.3387469
Gao JLi LKong PBissyandé TKlein JDevanbu PCohen MZimmermann T(2020)Borrowing your enemy’s arrows: the case of code reuse in Android via direct inter-app code invocationProceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3368089.3409745(939-951)Online publication date: 8-Nov-2020
https://dl.acm.org/doi/10.1145/3368089.3409745
Li TZhang MCao HLi YTarkoma SHui P(2020)”What Apps Did You Use?”: Understanding the Long-term Evolution of Mobile App UsageProceedings of The Web Conference 202010.1145/3366423.3380095(66-76)Online publication date: 20-Apr-2020
https://dl.acm.org/doi/10.1145/3366423.3380095
Domínguez-Álvarez DGorla ASarro FNayebi M(2019)Release practices for iOS and Android appsProceedings of the 3rd ACM SIGSOFT International Workshop on App Market Analytics10.1145/3340496.3342762(15-18)Online publication date: 27-Aug-2019
https://dl.acm.org/doi/10.1145/3340496.3342762
Wang HLi HGuo Y(2019)Understanding the Evolution of Mobile App Ecosystems: A Longitudinal Measurement Study of Google PlayThe World Wide Web Conference10.1145/3308558.3313611(1988-1999)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3308558.3313611
Scoccia GPeruma APujols VChristians BKrutz DStorey MAdams BHaiduc S(2019)An empirical history of permission requests and mistakes in open source Android appsProceedings of the 16th International Conference on Mining Software Repositories10.1109/MSR.2019.00090(597-601)Online publication date: 26-May-2019
https://dl.acm.org/doi/10.1109/MSR.2019.00090
Gao JKong PLi LBissyandé TKlein JStorey MAdams BHaiduc S(2019)Negative results on mining crypto-API usage rules in Android appsProceedings of the 16th International Conference on Mining Software Repositories10.1109/MSR.2019.00065(388-398)Online publication date: 26-May-2019
https://dl.acm.org/doi/10.1109/MSR.2019.00065
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Reducing Permission Requests in Mobile Apps

Vetting undesirable behaviors in android apps with permission use analysis

Permission Use Analysis for Vetting Undesirable Behaviors in Android Apps