Analysis of Android Applications' Permissions

Ryan Johnson, Zhaohui Wang, Corey Gagnon, Angelos Stavrou
2012 2012 IEEE Sixth International Conference on Software Security and Reliability Companion  
We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the
more » ... ajority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.
doi:10.1109/sere-c.2012.44 dblp:conf/ssiri/JohnsonWGS12 fatcat:vqezyef4vbfrde4qluq3zusria