Lib2Desc: automatic generation of security-centric Android app descriptions using third-party libraries

Cevik B., Altiparmak N., Aksu M., Sen S.

INTERNATIONAL JOURNAL OF INFORMATION SECURITY, cilt.21, sa.5, ss.1107-1125, 2022 (SCI-Expanded) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 21 Sayı: 5
  • Basım Tarihi: 2022
  • Doi Numarası: 10.1007/s10207-022-00601-x
  • Dergi Adı: INTERNATIONAL JOURNAL OF INFORMATION SECURITY
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, FRANCIS, ABI/INFORM, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Compendex, Computer & Applied Sciences, Criminal Justice Abstracts, INSPEC
  • Sayfa Sayıları: ss.1107-1125
  • Anahtar Kelimeler: Android security, Description-to-permission fidelity, Third-party libraries, NLP, NLG, SELECTION
  • Hacettepe Üniversitesi Adresli: Evet

Özet

Android app developers are expected to specify the use of dangerous permissions in their app descriptions. The absence of such data indicates suspicious behavior. However, this is not always caused by the malicious intent of developers; it may be due to the lack of documentation of the third-party libraries they use. To fill this gap in the literature, this study aims to enrich application descriptions with security-centric information of third-party libraries. To automatically generate application definitions, the study explores classifying libraries and extracting code summaries of library methods that use dangerous permissions and/or leak data. Both the textual information of third-party libraries and their source code are used to create these definitions. To the best of our knowledge, this is the first approach in the literature that creates app descriptions based on third-party libraries.