RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications

Michele Guerra; Roberto Milanese; Rocco Oliveto; Fausto Fasano

doi:10.5220/0011797200003405

RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications

Michele Guerra, Roberto Milanese, Rocco Oliveto, Fausto Fasano

2023

Abstract

Over the years, there has been an explosion in the app market offering users a wide range of functionalities especially since modern devices are equipped with many hardware resources such as cameras, GPS, and so on. Unfortunately, this is sometimes associated to indiscriminate access to sensitive data. This exposes users to security and privacy risks because, although resource usage requires explicit user authorization, once permission is granted, a mobile application is usually free to access the corresponding resource until the permission is expressly revoked or the app is uninstalled. In this work, we introduce RPCDroid, a dynamic analysis tool for run-time tracking of the behavior (UI events and used permissions) of Android mobile applications that use device resources requiring dangerous permissions. We assessed the effectiveness of the tool to identify usage contexts, discriminating between different kinds of access to the same sensitive resource. We executed RPCDroid on a set of popular applications obtaining evidence that, in many cases, mobile applications access to the same resource though different user interactions.

Download

Paper Citation

in Harvard Style

Guerra M., Milanese R., Oliveto R. and Fasano F. (2023). RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 714-721. DOI: 10.5220/0011797200003405

in Bibtex Style

@conference{icissp23,
author={Michele Guerra and Roberto Milanese and Rocco Oliveto and Fausto Fasano},
title={RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={714-721},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011797200003405},
isbn={978-989-758-624-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - RPCDroid: Runtime Identification of Permission Usage Contexts in Android Applications
SN - 978-989-758-624-8
AU - Guerra M.
AU - Milanese R.
AU - Oliveto R.
AU - Fasano F.
PY - 2023
SP - 714
EP - 721
DO - 10.5220/0011797200003405