Volume 17, No. 3, 2020

Predicting Unexpected Permission Authorization Of Android Application Using Machine Learning


Manisha Patil and Dhanya Pramod

Abstract

Purpose – Android is one of the leading and popular operating systems (OS) for mobile phones and tablets. Since Android is an open-source platform, its user base has grown tremendously, and this has attracted attackers to target the platform. This paper focuses on the work done in the area of mobile app security analysis, using permission-based static analysis of Android apps, and further proposes a model to detect unauthorized permissions. Machine learning algorithms are used to train the models and then predict unexpected permissions in applications. Finally, the results are compared with the MalDAE framework's results.

Design/methodology/approach – This study examines more than two hundred smartphone apps from the Play Store to detect unexpected permission authorization. Apps from various categories, such as Games, Entertainment, Education, Shopping, and Tools, as well as the most popular free APKs, have been studied. All APK files were reverse engineered, and the permissions of each APK were extracted using the self-built tool AndRev; Safe features were calculated using the VirusTotal tool. The extracted features were then stored in a .csv file, and the analysis was carried out using machine learning algorithms to predict unexpected permission authorization that may exploit the user's privacy.

Findings – Three algorithms, namely SMO, J48, and Decision Tree, were applied to a final dataset of 100 applications. Out of the three learning algorithms, the Decision Tree classifier gave the best results, with a classification accuracy of 83%. The study was then extended, and six algorithms, namely the Logistic Regression model, J48, SMO, Random Forest, Decision Table, and the Bagging Model with cross-validation, were applied to 250 applications. Out of the three learning algorithms, the Bagging Model gave the best results, with a classification accuracy of 88%.

Originality/value – In this study, free mobile apps were analyzed for unexpected permission authorization. In the past several years, authors have analyzed these issues, but in this work a tool was designed to extract features from the APK file and store them in a .csv file to ease analysis. The feature extraction tool can be used by data scientists for conducting future research. Also, the most popular free mobile apps (more than a hundred) were analyzed, and machine learning predictive models were proposed for predicting user's privacy using a permissions data set of free mobile apps. Observations obtained from this security analysis would be useful to future Android app developers.


Pages: 238-261

Keywords: Privacy, Mobile apps, Static Analysis, Permission, Android APK.
