Mining Permission Request Patterns from Android and Facebook Applications (extended author version)
| Autor: | Frank, Mario, Dong, Ben, Felt, Adrienne Porter, Song, Dawn |
|---|---|
| Rok vydání: | 2012 |
| Předmět: | |
| Druh dokumentu: | Working Paper |
| Popis: | Android and Facebook provide third-party applications with access to users' private data and the ability to perform potentially sensitive operations (e.g., post to a user's wall or place phone calls). As a security measure, these platforms restrict applications' privileges with permission systems: users must approve the permissions requested by applications before the applications can make privacy- or security-relevant API calls. However, recent studies have shown that users often do not understand permission requests and lack a notion of typicality of requests. As a first step towards simplifying permission systems, we cluster a corpus of 188,389 Android applications and 27,029 Facebook applications to find patterns in permission requests. Using a method for Boolean matrix factorization for finding overlapping clusters, we find that Facebook permission requests follow a clear structure that exhibits high stability when fitted with only five clusters, whereas Android applications demonstrate more complex permission requests. We also find that low-reputation applications often deviate from the permission request patterns that we identified for high-reputation applications suggesting that permission request patterns are indicative for user satisfaction or application quality. Comment: To be presented at the IEEE International Conference on Data Mining (ICDM) in Brussels, Belgium. This extended author version contains additional analysis of the dataset(price distribution, rating distribution), more details about model-order selection, and more experiments. Please download the dataset from http://www.mariofrank.net/andrApps/index.html |
| Databáze: | arXiv |
| Externí odkaz: |
|