An Rnn-Based Approach for Dıscoverıng Inconsıstencıes Between Permıssıons and Metadata In Androıd Applıcatıons

Abstract

Since mobile devices are increasingly on hand today, users have become more heavily involved with their use in accessing the Internet. Today, most mobile devices use the Android operating system. On mobile devices, users' needs are generally met through the use of mobile applications, and this brings along a large number of mobile applications customized for our needs. Applications, more commonly referred to as "apps", are usually downloaded from an Application Store. These application stores came into existence in order for users to discover what is available through a single location, and to download any apps they may want. Application stores offer a wide range of apps, customized for almost everyone's various needs. Stores such as Android's official market store, known as "Google Play," and Apple's official market store, known as "App Store", provide a practical outlet for developers to present their applications to users worldwide. In addition to the apps, these markets include other resources known as metadata, which provide information about each app such as the application description, user comments, and the corresponding application score. However, as an inevitable consequence of their design and function, application stores also provide developers of malicious software the opportunity to introduce harmful or unsafe applications to a wide and largely unsuspecting audience. Application stores utilize certain security precautions in order to keep the store clean and to steer genuine store users away from harmful content. In addition, there are also certain security precautions installed on handheld devices. With the Android mobile operating system, "permissions" are used in order to prevent users from installing apps that might violate the user's privacy by raising their awareness. When installing an app (or when an app is running), users are notified of any permission requests from apps that are perceived as being dangerous (i.e., permissions to access critical system resources or privacy-sensitive user data). These permissions are requested by apps in order to use application programming interfaces (APIs) that access critical system resources or sensitive user data. From a privacy and security perspective, if the functionality of an app is sufficiently detailed in its description, the need for the requested permissions can be readily understood by the user. This is defined as description-to-permission fidelity in the literature. In the current study, a novel approach for the description-to-permission fidelity problem is proposed in order to identify inconsistencies between requested permissions and application metadata by using natural language processing techniques and recurrent neural networks. Besides application descriptions, the effect of user reviews on discovering such inconsistencies is also investigated. The experimental results show that the proposed approach achieves a high degree of accuracy in detecting permission expressions from application metadata, and could therefore be applied for the protection of user privacy and security.