Enhancing Fidelity of Description in Android Apps With Category-Based Common Permissions

Abstract

Application description analysis is applied for various purposes in software engineering domains. Besides the inherent challenges from the ambiguity of natural language, sparse permission semantics raise the difficulties of predicting functionalities and permission usages from app descriptions. More specifically, the functionalities common to the app's category are intentionally abbreviated by developers due to the limited number of characters, and the permissions are often over-claimed. These are the main reasons that cause false positives in predicting permissions from app descriptions. Such unmentioned permissions can only be detected as suspicious in previous studies where effective assistance for developers in refining app descriptions and preventing potential security risks is not provided. In this paper, we propose the FideDroid, a framework to identify category-based common permissions to offset those essential functionalities while assessing the fidelity of app descriptions. Our framework augments the labeled dataset of app descriptions to improve the prediction of permissions. FideDroid compares inferred permissions with used ones to reveal the suspicious and unnecessary permissions based on the prediction. It helps developers to refine app descriptions and maintain permission usages. In our experiments on large real-world apps, we analyzed and revealed that the category-based common permissions may cover more unmentioned functionalities without considering all possible permissions during app description analysis. In addition, we discovered three factors causing the inconsistency between descriptions and permission usages to be: 1) human interventions in writing description; 2) bad practices on permission usages; and 3) prolific developers. These findings will facilitate developers to refine app descriptions and optimize permission usages in the apps.