TY - GEN
T1 - Towards automatic generation of security-centric descriptions for Android apps
AU - Zhang, Mu
AU - Duan, Yue
AU - Feng, Qian
AU - Yin, Heng
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/10/12
Y1 - 2015/10/12
N2 - To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and are significantly deviated from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME enables a promising technique which bridges the gap between descriptions and permissions. A further user study shows that automatically produced descriptions are not only readable but also effectively help users avoid malware and privacy-breaching apps.
KW - Android
KW - Malware prevention
KW - Natural language generation
KW - Program analysis
KW - Subgraph mining
KW - Textual description
UR - http://www.scopus.com/inward/record.url?scp=84954192491&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954192491&partnerID=8YFLogxK
U2 - 10.1145/2810103.2813669
DO - 10.1145/2810103.2813669
M3 - Conference contribution
AN - SCOPUS:84954192491
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 518
EP - 529
BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Y2 - 12 October 2015 through 16 October 2015
ER -