TY - GEN
T1 - Mining Android app descriptions for permission requirements recommendation
AU - Liu, Xueqing
AU - Leng, Yue
AU - Yang, Wei
AU - Zhai, Chengxiang
AU - Xie, Tao
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/10/12
Y1 - 2018/10/12
N2 - During the development or maintenance of an Android app, the app developer needs to determine the app's security and privacy requirements such as permission requirements. Permission requirements include two folds. First, what permissions (i.e., access to sensitive resources, e.g., location or contact list) the app needs to request. Second, how to explain the reason of permission usages to users. In this paper, we focus on the multiple challenges that developers face when creating permission-usage explanations. We propose a novel framework, CLAP, that mines potential explanations from the descriptions of similar apps. CLAP leverages information retrieval and text summarization techniques to find frequent permission usages. We evaluate CLAP on a large dataset containing 1.4 million Android apps. The evaluation results outperform existing state-of-the-art approaches, showing great promise of CLAP as a tool for assisting developers and permission requirements discovery.
KW - Android permission
KW - Natural language processing
KW - Security requirement
UR - http://www.scopus.com/inward/record.url?scp=85056910066&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056910066&partnerID=8YFLogxK
U2 - 10.1109/RE.2018.00024
DO - 10.1109/RE.2018.00024
M3 - Conference contribution
AN - SCOPUS:85056910066
T3 - Proceedings - 2018 IEEE 26th International Requirements Engineering Conference, RE 2018
SP - 147
EP - 158
BT - Proceedings - 2018 IEEE 26th International Requirements Engineering Conference, RE 2018
A2 - Amyot, Daniel
A2 - Maalej, Walid
A2 - Ruhe, Guenther
T2 - 26th IEEE International Requirements Engineering Conference, RE 2018
Y2 - 20 August 2018 through 24 August 2018
ER -