ASPG: Generating Android Semantic Permissions

Android system has been widely utilized in smartphones, but it also has many security threats. Android uses the permission system to notice the user during installation about what permissions it will receive. However, according to related research, most users have poor understanding of permissions, and will accept the prompt directly. Over privileged applications will expose users to unnecessary permission warnings and increase the impact of a bug or vulnerability. In order to reduce user´s trouble and avoid application over privilege, we focus on permissions for a given application and examine whether the application description provide any indication for why the application needs a permission. We propose an android semantic permission generator (ASPG) to understand what permissions an application needs from user´s perspective. Our ASPG can get the semantic permissions based on the application description. Besides, ASPG will further tailor the semantically unrelated permissions. We analyze ten popular applications using the ASPG, finding that they all contain semantically unrelated permissions. After tailoring the semantically unrelated permissions, most of applications can run normally. Experimental results show ASPG is feasible. In addition, we provide a specification to support our ASPG better when an application runs abnormally.