Presentation is loading. Please wait.

Presentation is loading. Please wait.

Android App Permission Manager

Published byLesley Wilkerson Modified over 6 years ago

Similar presentations

Presentation on theme: "Android App Permission Manager"— Presentation transcript:

1 Android App Permission Manager
Katherine Schwartz Eralda Caushaj

2 The Goals Categorize apps into risk categories based on five factors
Inform the user about possible threats to security and privacy Give the user control over the information accessed by their apps

3 Current Progress Basic functionalities of the app were already near completion Research into the area, examining various past approaches Working on explanation and pseudocode for the risk categorization algorithm

4 The App so far User can view any app’s permissions
User is alerted about potential security threats Unnecessary risky functions in red text

5 Previous Works Kirin- Evaluates app permissions vs. a group of set rules Only looks at app permission combinations Probabilistic Generative Models- apply a machine learning model to app permissions to find anomalous apps Complex Requires large, high-quality training set Accuracy “in the wild” is unknown Benefit-adjusted Risk Signals- Risk is evaluated based on how rare a “critical” permission is in the app’s category Risk signals based solely on rarity of selected permissions, no other factors

6 The AAPM Approach

7 Categorizing Apps: The basics
AAPM will examine a set of factors to compute risk categorization to show the user Algorithm will determine whether each factor in an app poses a risk. More risks leads to the app getting a higher risk categorization Safe – Benign – Malicious

8 Categorizing apps: The Factors
Unnecessary app permissions Total number of privacy threats Number of dangerous permission combinations Number of ad networks How many permissions compared to category average

9 Advantages Takes multiple factors into account
Easy to understand for both users and app developers Identifies not only malicious apps, but otherwise-benign apps that could pose a security risk Allows users to immediately mitigate security risks without removing the app in question (if their OS supports the feature)

10 References W. Enck, M. Ongtang, and P. McDaniel. “On lightweight mobile phone application certification,” in Proceedings of the 16th ACM conference on Computer and communications security, pp. 235–245, H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Using probabilistic generative models for ranking risks of Android apps. In Proceedings of the ACM conference on Computer and communications security, 2012. K. Allix, T. F. Bissyande, Q. Jérome, J. Klein, R. State, and Y. Le Traon. “Empirical assessment of machine learning-based malware detectors for android,” in Empirical Software Engineering, 2014. B. Pratim Sarma, N. Li, C. Gates, R. Potharaju, C. Nita-Rotaru and I. Molloy, "Android permissions: a perspective combining risks and benefits", SACMAT '12 Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp , 2012. Felt, A.P., Greenwood, K., Wagner, D. “The Effectiveness of Application Permissions,” in Proceedings of the USENIX Conference on Web Application Development, 2011.

Download ppt "Android App Permission Manager"

Similar presentations

Pat Langley Computational Learning Laboratory Center for the Study of Language and Information Stanford University, Stanford, California

Pat Langley Computational Learning Laboratory Center for the Study of Language and Information Stanford University, Stanford, California
By James Kasten.  Motivation and Proposed Solution  Common Reputation System Errors  Design Principles and Considerations  Specific Design Specifications.

By James Kasten.  Motivation and Proposed Solution  Common Reputation System Errors  Design Principles and Considerations  Specific Design Specifications.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
BYOD: RISKS, MATURITY, AND SOLUTIONS ADAM ELY

BYOD: RISKS, MATURITY, AND SOLUTIONS ADAM ELY
How to avoid Viruses and Malware on your Computer Use a firewall Using a firewall is like locking the front door to your house—it helps keep intruders.

How to avoid Viruses and Malware on your Computer Use a firewall Using a firewall is like locking the front door to your house—it helps keep intruders.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Optimize tomorrow today. TM 1 Optimize tomorrow today. Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC Software.

Optimize tomorrow today. TM 1 Optimize tomorrow today. Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC Software.
CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.
H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.

H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.
William Enck, Machigar Ongtang, and Patrick McDaniel.

William Enck, Machigar Ongtang, and Patrick McDaniel.
Sophos Mobile Security

Sophos Mobile Security
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 17: Code Mining.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 17: Code Mining.
A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.
Lightweight Mobile Applications Certification: Prepared By: Rahul Biswas.

Lightweight Mobile Applications Certification: Prepared By: Rahul Biswas.
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.

COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Protecting Mobile Users From Visual Privacy Attacks Mahmud Al-Noor Tareq Department of Computer Science and Engineering.

Protecting Mobile Users From Visual Privacy Attacks Mahmud Al-Noor Tareq Department of Computer Science and Engineering.
Permission-based Malware Detection in Android Devices REU fellow: Nadeen Saleh 1, Faculty mentor: Dr. Wenjia Li 2 Affiliation: 1. Florida Atlantic University,

Permission-based Malware Detection in Android Devices REU fellow: Nadeen Saleh 1, Faculty mentor: Dr. Wenjia Li 2 Affiliation: 1. Florida Atlantic University,
Joseph Eckstrom. The issue  A Dr. Xuxian Jiang at NCSU studied 100,000 apps and the ad libraries that they used. He made some unsettling discoveries.

Joseph Eckstrom. The issue  A Dr. Xuxian Jiang at NCSU studied 100,000 apps and the ad libraries that they used. He made some unsettling discoveries.

Similar presentations

Ads by Google