Autoper: Automatic Recommender For Runtime-Permission In Android Applications

Pennission mechanisms serve as the main measure to protect users privacy and security in Android applications. Modern smartphone operating systems (Android 6.0 and later versions) prompt users to regulate permissions using ask-on-first-use policy. Much research has been done to dynamically regulate permissions depending on user preferences and contexts in modern operation systems. However, all these techniques have limitations-they heavily rely on users' current or historical decisions on granting permissions, ignoring the fact that users are not experts on privacy protection, i.e., whether a permission shall be granted. In this work, we propose a system to automatically recommend runtime-permission to users. The main idea behind is that the application descriptions reflecting functional information can be used to analyze whether a permission is needed by the application. In more details, using description mining, we extract multiple topics and build a topic-permission mapper. Given an application as input, we first decide which topics it belongs to and then recommend the permissions according to the topic-permission mapper. As the output, besides binary recommendation of "allow" or "deny" recommendations, we provide explanations for the recommendations to uncover the reason for users. We implemented our approach in a tool-AutoPer, and evaluated the approach using 28,850 Android applications from Google Play. The experiments show that our approach achieves a fairly good performance with an accuracy of 81.0%, which demonstrates the effectiveness of AutoPer for permission recommendation.