Understanding Privacy Awareness in Android App Descriptions Using Deep Learning

Johannes Feichtner, Stefan Gruber

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Permissions are a key factor in Android to protect users' privacy. As it is often not obvious why applications require certain permissions, developer-provided descriptions in Google Play and third-party markets should explain to users how sensitive data is processed. Reliably recognizing whether app descriptions cover permission usage is challenging due to the lack of enforced quality standards and a variety of ways developers can express privacy-related facts.

We introduce a machine learning-based approach to identify critical discrepancies between developer-described app behavior and permission usage. By combining state-of-the-art techniques in natural language processing (NLP) and deep learning, we design a convolutional neural network (CNN) for text classification that captures the relevance of words and phrases in app descriptions in relation to the usage of dangerous permissions. Our system predicts the likelihood that an app requires certain permissions and can warn about descriptions in which the requested access to sensitive user data and system features is textually not represented.

We evaluate our solution on 77,000 real-world app descriptions and find that we can identify individual groups of dangerous permissions with a precision between 71% and 93%. To highlight the impact of individual words and phrases, we employ a model explanation algorithm and demonstrate that our technique can successfully bridge the semantic gap between described app functionality and its access to security- and privacy-sensitive resources.
Original languageEnglish
Title of host publicationCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
Place of PublicationNew York
PublisherAssociation of Computing Machinery
Pages203-214
Number of pages12
ISBN (Electronic)978-1-4503-7107-0
DOIs
Publication statusPublished - 16 Mar 2020
Event10th ACM Conference on Data and Application Security and Privacy - New Orleans, Virtuell, United States
Duration: 3 Aug 20204 Aug 2020
Conference number: 20
http://www.codaspy.org/2020/

Publication series

NameCODASPY 2020 - Proceedings of the 10th ACM Conference on Data and Application Security and Privacy

Conference

Conference10th ACM Conference on Data and Application Security and Privacy
Abbreviated titleCODASPY
Country/TerritoryUnited States
CityNew Orleans, Virtuell
Period3/08/204/08/20
Internet address

Keywords

  • Android
  • Machine Learning
  • Description
  • Permission
  • NLP
  • CNN
  • cnn
  • nlp
  • android
  • description
  • permission
  • machine learning

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Understanding Privacy Awareness in Android App Descriptions Using Deep Learning'. Together they form a unique fingerprint.
  • A-SIT - Secure Information Technology Center Austria

    Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.

    21/05/9931/12/24

    Project: Research area

Cite this