Catering to Your Concerns: Automatic Generation of Personalised Security-Centric Descriptions for Android Apps

Published: 04 September 2019

    Abstract

    Android users are increasingly concerned with the privacy of their data and the security of their devices. To improve the security awareness of users, recent automatic techniques produce security-centric descriptions by performing program analysis. However, the generated text does not always address users’ concerns, as it is generally too technical to be understood by ordinary users. Moreover, different users have varied linguistic preferences that the text does not match. Motivated by this challenge, we develop an innovative scheme to help users avoid malware and privacy-breaching apps by generating security descriptions that explain the privacy- and security-related aspects of an Android app in clear and understandable terms. We implement a prototype system, PERSCRIPTION, to generate personalised security-centric descriptions; it automatically learns users’ security concerns and linguistic preferences to produce user-oriented descriptions. We evaluate our scheme through experiments and user studies. The results clearly demonstrate the improvement in readability and in users’ security awareness of PERSCRIPTION’s descriptions compared to existing description generators.

    Cited By

    • (2022) Lib2Desc: automatic generation of security-centric Android app descriptions using third-party libraries. International Journal of Information Security 21:5 (1107-1125). DOI: 10.1007/s10207-022-00601-x. Online publication date: 1-Oct-2022
    • (2022) PriApp-Install: Learning User Privacy Preferences on Mobile Apps’ Installation. Information Security Practice and Experience (306-323). DOI: 10.1007/978-3-031-21280-2_17. Online publication date: 23-Nov-2022

        Published In

        ACM Transactions on Cyber-Physical Systems, Volume 3, Issue 4
        Special Issue on Human-Interaction-Aware Data Analytics for CPS
        October 2019
        171 pages
        ISSN: 2378-962X
        EISSN: 2378-9638
        DOI: 10.1145/3356399
        Editor: Tei-Wei Kuo
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 04 September 2019
        Accepted: 01 March 2019
        Revised: 01 February 2019
        Received: 01 July 2018
        Published in TCPS Volume 3, Issue 4

        Author Tags

        1. Android security
        2. natural language processing
        3. textual description

        Qualifiers

        • Research-article
        • Research
        • Refereed

        Article Metrics

        • Downloads (Last 12 months): 17
        • Downloads (Last 6 weeks): 0
        Reflects downloads up to 26 Jul 2024
