Towards automatic generation of security-centric descriptions for Android apps

Mu Zhang, Yue Duan, Qian Feng, Heng Yin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

41 Scopus citations

Abstract

To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps.

Original language: English (US)
Title of host publication: Proceedings of the ACM Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 518-529
Number of pages: 12
Volume: 2015-October
ISBN (Print): 9781450338325
State: Published - Oct 12 2015
Event: 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States
Duration: Oct 12 2015 - Oct 16 2015

Other

Other: 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Country: United States
City: Denver
Period: 10/12/15 - 10/16/15

Keywords

  • Android
  • Malware prevention
  • Natural language generation
  • Program analysis
  • Subgraph mining
  • Textual description

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

  • Cite this

    Zhang, M., Duan, Y., Feng, Q., & Yin, H. (2015). Towards automatic generation of security-centric descriptions for Android apps. In Proceedings of the ACM Conference on Computer and Communications Security (Vol. 2015-October, pp. 518-529). Association for Computing Machinery. https://doi.org/10.1145/2810103.2813669