M-Perm: A lightweight detector for Android permission gaps

Abstract

Android apps operate under a permissions-based system where access to specific APIs is restricted through the use of permissions. Unfortunately, there is no built-in verification system to ensure that apps do not request too many or too few permissions, which could lead to serious quality and/or privacy concerns. Apps requesting too many permissions create unnecessary vulnerabilities, leaving the potential for abuse by SDKs within the app or other malicious apps installed on the device. In order to assist with the discovery of misused permissions, we created a new detection tool, M-Perm, which combines static and dynamic analysis in a computationally efficient manner compared to existing tools. M-Perm also identifies permission usage in apps including requested normal, dangerous, and third-party permissions. The tool, complete usage instructions, and screencast are available online: http://www.m-perm.com

Publication
2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)
Mohamed Wiem Mkaouer
Assistant Professor of Software Engineering

Research interests: software refactoring and quality.