Lib2Desc: automatic generation of security-centric Android app descriptions using third-party libraries


Cevik B., Altiparmak N., Aksu M., Sen S.

INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2022 (Peer-Reviewed Journal) identifier identifier

  • Publication Type: Article / Article
  • Publication Date: 2022
  • Doi Number: 10.1007/s10207-022-00601-x
  • Journal Name: INTERNATIONAL JOURNAL OF INFORMATION SECURITY
  • Journal Indexes: Science Citation Index Expanded, Scopus, Academic Search Premier, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, Criminal Justice Abstracts, INSPEC
  • Keywords: Android security, Description-to-permission fidelity, Third-party libraries, NLP, NLG, SELECTION

Abstract

Android app developers are expected to specify the use of dangerous permissions in their app descriptions. The absence of such data indicates suspicious behavior. However, this is not always caused by the malicious intent of developers; it may be due to the lack of documentation of the third-party libraries they use. To fill this gap in the literature, this study aims to enrich application descriptions with security-centric information of third-party libraries. To automatically generate application definitions, the study explores classifying libraries and extracting code summaries of library methods that use dangerous permissions and/or leak data. Both the textual information of third-party libraries and their source code are used to create these definitions. To the best of our knowledge, this is the first approach in the literature that creates app descriptions based on third-party libraries.