Automatic permission inference for hybrid mobile apps

Jian Mao; Hanjun Ma; Yue Chen; Yaoqi Jia; Zhenkai Liang

doi:10.3233/JHS-160538

Automatic permission inference for hybrid mobile apps

Jian Mao^*
, Hanjun Ma
, Yue Chen
, Yaoqi Jia
, Zhenkai Liang

^*Corresponding author for this work

School of Cyber Science and Technology

Beihang University
National University of Singapore

Research output: Contribution to journal › Article › peer-review

6 Scopus citations

Abstract

The application permission system is one of the key components of Android security. Developers often use it incorrectly and claim more permissions than necessary, due to limitations of developers' knowledge and development tools. When application's vulnerabilities are exploited, the additional permissions give attackers more capability to carry out attacks. Hybrid mobile applications (apps) are a class of mobile apps that are built from web technologies, such as HTML, JavaScript, and CSS. In such applications, it is often easier to inject third-party code through vulnerabilities. When developers do not specify app's permissions correctly, the injected code will result in dangerous actions breaching system security. In this paper, we develop an automatic tool to assist developers to identify the permissions required by the apps based on the hybrid mobile apps' runtime permission checking.

Original language	English
Pages (from-to)	55-64
Number of pages	10
Journal	Journal of High Speed Networks
Volume	22
Issue number	1
DOIs	https://doi.org/10.3233/JHS-160538
State	Published - 10 Feb 2016

Keywords

Android
Hybrid mobile app
automatic tool
permission
security

Access to Document

10.3233/JHS-160538

Cite this

@article{2448bb96d93b4fe4a9377c501062ef67,

title = "Automatic permission inference for hybrid mobile apps",

abstract = "The application permission system is one of the key components of Android security. Developers often use it incorrectly and claim more permissions than necessary, due to limitations of developers' knowledge and development tools. When application's vulnerabilities are exploited, the additional permissions give attackers more capability to carry out attacks. Hybrid mobile applications (apps) are a class of mobile apps that are built from web technologies, such as HTML, JavaScript, and CSS. In such applications, it is often easier to inject third-party code through vulnerabilities. When developers do not specify app's permissions correctly, the injected code will result in dangerous actions breaching system security. In this paper, we develop an automatic tool to assist developers to identify the permissions required by the apps based on the hybrid mobile apps' runtime permission checking.",

keywords = "Android, Hybrid mobile app, automatic tool, permission, security",

author = "Jian Mao and Hanjun Ma and Yue Chen and Yaoqi Jia and Zhenkai Liang",

year = "2016",

month = feb,

day = "10",

doi = "10.3233/JHS-160538",

language = "英语",

volume = "22",

pages = "55--64",

journal = "Journal of High Speed Networks",

issn = "0926-6801",

publisher = "SAGE Publications Ltd",

number = "1",

}

TY - JOUR

T1 - Automatic permission inference for hybrid mobile apps

AU - Mao, Jian

AU - Ma, Hanjun

AU - Chen, Yue

AU - Jia, Yaoqi

AU - Liang, Zhenkai

PY - 2016/2/10

Y1 - 2016/2/10

N2 - The application permission system is one of the key components of Android security. Developers often use it incorrectly and claim more permissions than necessary, due to limitations of developers' knowledge and development tools. When application's vulnerabilities are exploited, the additional permissions give attackers more capability to carry out attacks. Hybrid mobile applications (apps) are a class of mobile apps that are built from web technologies, such as HTML, JavaScript, and CSS. In such applications, it is often easier to inject third-party code through vulnerabilities. When developers do not specify app's permissions correctly, the injected code will result in dangerous actions breaching system security. In this paper, we develop an automatic tool to assist developers to identify the permissions required by the apps based on the hybrid mobile apps' runtime permission checking.

AB - The application permission system is one of the key components of Android security. Developers often use it incorrectly and claim more permissions than necessary, due to limitations of developers' knowledge and development tools. When application's vulnerabilities are exploited, the additional permissions give attackers more capability to carry out attacks. Hybrid mobile applications (apps) are a class of mobile apps that are built from web technologies, such as HTML, JavaScript, and CSS. In such applications, it is often easier to inject third-party code through vulnerabilities. When developers do not specify app's permissions correctly, the injected code will result in dangerous actions breaching system security. In this paper, we develop an automatic tool to assist developers to identify the permissions required by the apps based on the hybrid mobile apps' runtime permission checking.

KW - Android

KW - Hybrid mobile app

KW - automatic tool

KW - permission

KW - security

UR - https://www.scopus.com/pages/publications/84958976283

U2 - 10.3233/JHS-160538

DO - 10.3233/JHS-160538

M3 - 文章

AN - SCOPUS:84958976283

SN - 0926-6801

VL - 22

SP - 55

EP - 64

JO - Journal of High Speed Networks

JF - Journal of High Speed Networks

IS - 1

ER -

Automatic permission inference for hybrid mobile apps

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this