MAPPER: Mapping Application Description to Permissions

Abstract

Android operating system has seen phenomenal growth, and Android Applications (Apps) have proliferated into mainstream usage across the globe. Are users informed by the developers about everything an App does when they consent to install an App from Google’s Play Store? In this paper, we propose a technique called MAPPER which aggregates the App permissions with the textual description for more precise App permissions enumeration. We focus on whether the application description fully describes permissions an App will ask and whether the user is made aware of those possible capabilities to take informed decision to install or not to install the App. We investigate permissions inferred from application descriptions and permissions declared in the Android manifest files of 1100+ Android applications. MAPPER prototype finds a large number of Apps live on Google’s Play Store which do not inform users about permissions, more than three-fourths of them are over-privileged from this perspective, and their application descriptions need revision. Our work can be used by App developers also to educate users in a better way. © Springer Nature Switzerland AG 2020.