research-article

Checking app behavior against app descriptions

Authors:

Alessandra Gorla,

Ilaria Tavecchia,

Andreas ZellerAuthors Info & Claims

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering

Pages 1025 - 1035

https://doi.org/10.1145/2568225.2568276

Published: 31 May 2014 Publication History

Abstract

How do we know a program does what it claims to do? After clustering Android apps by their description topics, we identify outliers in each cluster with respect to their API usage. A "weather" app that sends messages thus becomes an anomaly; likewise, a "messaging" app would typically not be expected to access the current location. Applied on a set of 22,500+ Android applications, our CHABADA prototype identified several anomalies; additionally, it flagged 56% of novel malware as such, without requiring any known malware patterns.

References

[1]

D. Amalfitano, A. R. Fasolino, P. Tramontana, S. De Carmine, and A. M. Memon. Using GUI ripping for automated testing of Android applications. In IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 258–261, New York, NY, USA, 2012. ACM.

Digital Library

[2]

K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. PScout: analyzing the Android permission specification. In ACM Conference on Computer and Communications Security (CCS), pages 217–228, New York, NY, USA, 2012. ACM.

Digital Library

[3]

A. Bartel, J. Klein, M. Monperrus, and Y. Le Traon. Automatically securing permission-based software by reducing the attack surface: An application to Android. In IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 274–277, 2012.

Digital Library

[4]

D. M. Blei, A. Y. Ng, and M. I. Jordan. Latent Dirichlet allocation. Journal of Machine Learning Research, 3:993–1022, 2003.

Digital Library

[5]

E. Bodden, A. Sewe, J. Sinschek, H. Oueslati, and M. Mezini. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In ACM/IEEE International Conference on Software Engineering (ICSE), pages 241–250, New York, NY, USA, 2011. ACM.

Digital Library

[6]

W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In USENIX conference on Operating Systems Design and Implementation (OSDI), pages 1–6, Berkeley, CA, USA, 2010. USENIX Association.

Digital Library

[7]

A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In ACM Conference on Computer and Communications Security (CCS), pages 627–638, New York, NY, USA, 2011. ACM.

Digital Library

[8]

C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel. Highly precise taint analysis for Android applications. Technical Report TUD-CS-2013-0113, EC SPRIDE, 2013.

[9]

M. Harman, Y. Jia, and Y. Zhang. App store mining and analysis: MSR for app stores. In IEEE Working Conference on Mining Software Repositories (MSR), pages 108–111, 2012.

[10]

K. A. Heller, K. M. Svore, A. D. Keromytis, and S. J. Stolfo. One class support vector machines for detecting anomalous windows registry accesses. In ICDM Workshop on Data Mining for Computer Security (DMSEC), 2003.

[11]

E. W. Høst and B. M. Østvold. Debugging method names. In European Conference on Object-Oriented Programming (ECOOP), pages 294–317. Springer, 2009.

Digital Library

[12]

C. Hu and I. Neamtiu. Automating GUI testing for Android applications. In International Workshop on Automation of Software Test (AST), pages 77–83, New York, NY, USA, 2011. ACM.

Digital Library

[13]

K. S. Jones. A statistical interpretation of term specificity and its application in retrieval. Journal of Documentation, 28(1):11–21, 1972.

[14]

J. Lin, S. Amini, J. I. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In ACM Conference on Ubiquitous Computing (UbiComp), pages 501–510, New York, NY, USA, 2012. ACM.

Digital Library

[15]

A. Machiry, R. Tahiliani, and M. Naik. Dynodroid: an input generation system for Android apps. In European Software Engineering Conference held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE), pages 224–234, New York, NY, USA, 2013. ACM.

Digital Library

[16]

J. B. MacQueen. Some methods for classification and analysis of multivariate observations. In L. M. L. Cam and J. Neyman, editors, Berkeley Symposium on Mathematical Statistics and Probability, volume 1, pages 281–297. University of California Press, 1967.

[17]

L. M. Manevitz and M. Yousef. One-class SVMs for document classification. Journal of Machine Learning Research, 2:139–154, 2002.

Digital Library

[18]

A. K. McCallum. Mallet: A machine learning for language toolkit. http://mallet.cs.umass.edu, 2002.

[19]

R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie. WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security Symposium, pages 527–542, 2013.

Digital Library

[20]

R. Pandita, X. Xiao, H. Zhong, T. Xie, S. Oney, and A. Paradkar. Inferring method specifications from natural language API descriptions. In ACM/IEEE International Conference on Software Engineering (ICSE), 2012.

Digital Library

[21]

P. Rousseeuw. Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. Journal of Computational and Applied Mathematics, 20(1):53–65, 1987.

Digital Library

[22]

B. Schölkopf, J. C. Platt, J. C. Shawe-Taylor, A. J. Smola, and R. C. Williamson. Estimating the support of a high-dimensional distribution. Neural Computation, 13(7):1443–1471, 2001.

Digital Library

[23]

R. Stevens, J. Ganz, P. Devanbu, H. Chen, and V. Filkov. Asking for (and about) permissions used by Android apps. In IEEE Working Conference on Mining Software Repositories (MSR), pages 31–40, San Francisco, CA, 2013.

Digital Library

[24]

L. Tan, D. Yuan, G. Krishna, and Y. Zhou. /* iComment: Bugs or bad comments? */. In ACM SIGOPS Symposium on Operating Systems Principles (SOSP), pages 145–158, 2007.

Digital Library

[25]

A. Wasylkowski, A. Zeller, and C. Lindig. Detecting object usage anomalies. In European Software Engineering Conference held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE), pages 35–44, New York, NY, 2007. ACM.

Digital Library

[26]

X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. ProfileDroid: multi-layer profiling of Android applications. In ACM Annual International Conference on Mobile Computing and networking (MobiCom), pages 137–148, New York, NY, USA, 2012. ACM.

Digital Library

[27]

W. Yang, M. R. Prasad, and T. Xie. A grey-box approach for automated GUI-model generation of mobile applications. In International Conference on Fundamental Approaches to Software Engineering (FASE), pages 250–265, Berlin, Heidelberg, 2013. Springer-Verlag.

Digital Library

[28]

Y. Zhou and X. Jiang. Dissecting Android malware: Characterization and evolution. In IEEE Symposium on Security and Privacy (SP), pages 95–109, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

Cited By

Sun JSu TSun JLi JWang MPu Gd'Amorim M(2024)Property-Based Testing for Validating User Privacy-Related Functionalities in Social Media AppsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663863(440-451)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663863
Alecci MJiménez PAllix KBissyandé TKlein JSpinellis DConstantinou EBacchelli A(2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644863
Zhao YYu LSun YLiu QLuo BBaysal OLinares-Vasquez MMoran KSteinmacher I(2024)No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOSProceedings of the 32nd IEEE/ACM International Conference on Program Comprehension10.1145/3643916.3644419(358-369)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643916.3644419
Show More Cited By

Index Terms

Checking app behavior against app descriptions
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Permission-Educator: App for Educating Users About Android Permissions
Intelligent Human Computer Interaction
Abstract
Cyberattacks and malware infestation are issues that surround most operating systems (OS) these days. In smartphones, Android OS is more susceptible to malware infection. Although Android has introduced several mechanisms to avoid cyberattacks, ...
Same app, different app stores: a comparative study
MOBILESoft '17: Proceedings of the 4th International Conference on Mobile Software Engineering and Systems

To attract more users, implementing the same mobile app for different platforms has become a common industry practice. App stores provide a unique channel for users to share feedback on the acquired apps through ratings and textual reviews. However, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering

May 2014

1139 pages

ISBN:9781450327565

DOI:10.1145/2568225

General Chair:
Pankaj Jalote
IIIT-Delhi, India
,
Program Chairs:
Lionel Briand
University of Luxembourg, Luxembourg
,
André van der Hoek
University of California, Irvine, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 May 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '14

Sponsor:

SIGSOFT

ICSE '14: 36th International Conference on Software Engineering

May 31 - June 7, 2014

Hyderabad, India

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

292
Total Citations
View Citations
2,091
Total Downloads

Downloads (Last 12 months)85
Downloads (Last 6 weeks)4

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sun JSu TSun JLi JWang MPu Gd'Amorim M(2024)Property-Based Testing for Validating User Privacy-Related Functionalities in Social Media AppsCompanion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering10.1145/3663529.3663863(440-451)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1145/3663529.3663863
Alecci MJiménez PAllix KBissyandé TKlein JSpinellis DConstantinou EBacchelli A(2024)AndroZoo: A Retrospective with a Glimpse into the FutureProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644863(389-393)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644863
Zhao YYu LSun YLiu QLuo BBaysal OLinares-Vasquez MMoran KSteinmacher I(2024)No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOSProceedings of the 32nd IEEE/ACM International Conference on Program Comprehension10.1145/3643916.3644419(358-369)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643916.3644419
Xie FYan CMeng MTeng SZhang YBai GRoychoudhury APaiva AAbreu RStorey M(2024)Are Your Requests Your True Needs? Checking Excessive Data Collection in VPA AppProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639107(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639107
Tileria MBlasco JDash SRoychoudhury APaiva AAbreu RStorey M(2024)DocFlow: Extracting Taint Specifications from Software DocumentationProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623312(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623312
Alecci MSamhi JLi LBissyandé TKlein J(2024)Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly DetectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3358979(1-18)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3358979
Ling YHao YWang YWang KBai GDong J(2024)Essential or Excessive? MINDAEXT: Measuring Data Minimization Practices among Browser Extensions2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER60148.2024.00104(964-975)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER60148.2024.00104
Kishnani UNoah NDas SDewri R(2023)Assessing Security, Privacy, User Interaction, and Accessibility Features in Popular E-Payment ApplicationsProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617102(143-157)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617102
Wang LWang HWang HLi LWang Y(2023)A Deep Dive into the Featured iOS AppsProceedings of the 14th Asia-Pacific Symposium on Internetware10.1145/3609437.3609467(112-122)Online publication date: 4-Aug-2023
https://dl.acm.org/doi/10.1145/3609437.3609467
Chen LZhang TMa YChen M(2023)Monitoring method of API encryption parameter tamper attack based on deep learningSixth International Conference on Intelligent Computing, Communication, and Devices (ICCD 2023)10.1117/12.2682859(28)Online publication date: 16-Jun-2023
https://doi.org/10.1117/12.2682859
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents