How Do Apps Evolve in Their Permission Requests? A Preliminary Study

We present a preliminary study of how apps evolve in their permission requests across releases. We analyze over 14K releases of 227 Android apps, examining how permission requests change and how they are used. We find that apps tend to request more permissions as they evolve, and that many of the newly requested permissions are initially overprivileged. Our qualitative analysis, however, shows that the results popular tools report on overprivileged apps may be biased by incomplete information or by other factors. Finally, we observe that when an app no longer requests a permission, it does not necessarily mean that the new release offers less functionality.
