Papilio: Visualizing Android Application Permissions

We introduce Papilio, a new visualization technique for visualizing permissions of real‐world Android applications. We explore the development of layouts that exploit the directed acyclic nature of Android application permission data to develop a new explicit layout technique that incorporates aspects of set membership, node‐link diagrams and matrix layouts. By grouping applications based on sets of requested permissions, a structure can be formed with partially ordered relations. The Papilio layout shows sets of applications centrally, the relations among applications on one side and application permissions, as the reason behind the existence of the partial order, on the other side. Using Papilio to explore a set of Android applications as a case study has led to new security findings regarding permission usage by Android applications.

[1]  R. Wille Concept lattices and conceptual knowledge systems , 1992 .

[2]  Philippe Castagliola,et al.  A Comparison of the Readability of Graphs Using Node-Link and Matrix-Based Representations , 2004, IEEE Symposium on Information Visualization.

[3]  Peter W. Eklund,et al.  A Survey of Hybrid Representations of Concept Lattices in Conceptual Knowledge Processing , 2010, ICFCA.

[4]  Roberto Tamassia,et al.  Graph Drawing for Security Visualization , 2009, GD.

[5]  Ivan Herman,et al.  Graph Visualization and Navigation in Information Visualization: A Survey , 2000, IEEE Trans. Vis. Comput. Graph..

[6]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[7]  Erkki Mäkinen,et al.  Constructing and Reconstructing the Reorderable Matrix , 2005, Inf. Vis..

[8]  Arjan Kuijper,et al.  Visual Analysis of Large Graphs: State‐of‐the‐Art and Future Research Challenges , 2011, Eurographics.

[9]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[10]  Pierre Dragicevic,et al.  GeneaQuilts: A System for Exploring Large Genealogies , 2010, IEEE Transactions on Visualization and Computer Graphics.

[11]  M. Sheelagh T. Carpendale,et al.  A set of multi-touch graph interaction techniques , 2010, ITS '10.

[12]  Jean-Daniel Fekete,et al.  NodeTrix: a Hybrid Visualization of Social Networks , 2007, IEEE Transactions on Visualization and Computer Graphics.

[13]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[14]  Theresa-Marie Rhyne,et al.  Visualizing very large layered graphs with quilts , 2008 .

[15]  W. Bradford Paley,et al.  TextArc: Showing Word Frequency and Distribution in Text , 2002 .

[16]  Emden R. Gansner,et al.  A Technique for Drawing Directed Graphs , 1993, IEEE Trans. Software Eng..

[17]  Chris North,et al.  The Value of Information Visualization , 2008, Information Visualization.

[18]  Michael Kaufmann,et al.  Improving Layered Graph Layouts with Edge Bundling , 2010, GD.

[19]  Philippe Castagliola,et al.  On the Readability of Graphs Using Node-Link and Matrix-Based Representations: A Controlled Experiment and Statistical Analysis , 2005, Inf. Vis..

[21]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[22]  Edward M. Reingold,et al.  Graph drawing by force‐directed placement , 1991, Softw. Pract. Exp..

[23]  Patrick Baudisch,et al.  Halo: a technique for visualizing off-screen objects , 2003, CHI '03.

[24]  Benjamin Watson,et al.  Developing and Evaluating Quilts for the Depiction of Large Layered Graphs , 2011, IEEE Transactions on Visualization and Computer Graphics.

[25]  P. John Clarkson,et al.  Matrices or Node-Link Diagrams: Which Visual Representation is Better for Visualising Connectivity Models? , 2006, Inf. Vis..

[26]  Jarke J. van Wijk,et al.  Compressed Adjacency Matrices: Untangling Gene Regulatory Networks , 2012, IEEE Transactions on Visualization and Computer Graphics.

[27]  Mitsuhiko Toda,et al.  Methods for Visual Understanding of Hierarchical System Structures , 1981, IEEE Transactions on Systems, Man, and Cybernetics.

[28]  Oliver Bastert,et al.  Layered Drawings of Digraphs , 1999, Drawing Graphs.

[29]  Teuvo Kohonen,et al.  Self-Organizing Maps , 2010 .

[30]  Lawrence A. Rowe,et al.  A browser for directed graphs , 1987, Softw. Pract. Exp..

[31]  Amedeo Napoli,et al.  Many-Valued Concept Lattices for Conceptual Clustering and Information Retrieval , 2008, ECAI.