P-Lint: A Permission Smell Detector for Android Applications
暂无分享,去创建一个
Android is built upon a permission-based structure, where apps require access to specific permissions in order to carry out specific functionality. While Android has provided a set of best practices intended to aid the developer in properly defining and manipulating these permissions on their source code, developers do not always adhere to these guidelines. Although some of the resulting issues may be minor and lead to slight user confusion, other mistakes may create more serious privacy and security related issues. We've defined improper usage of these permission best practices to be 'permission smells' to indicate possible permissions related syntactic issues and have created a tool P-Lint to assist in the identification of these smells on the source code. P-Lint's goal is to not only help developers create better, more secure apps by providing guidance on properly using permissions, but also in allowing researchers to better understand the common permission smells through empirical analysis on existing apps. P-Lint is available on our project website: https://p-lint.github.io.
[1] Zhen Huang,et al. PScout: analyzing the Android permission specification , 2012, CCS.
[2] Steve Hanna,et al. Android permissions demystified , 2011, CCS '11.