Finding the Missing Piece: Permission Specification Analysis for Android NDK

Hao Zhou, Haoyu Wang, Shuohan Wu, Xiapu Luo, Yajin Zhou, Ting Chen, Ting Wang

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

The Android research community has long focused on building the permission specification for Android framework APIs, which can be referenced by app developers to request the necessary permissions for their apps. However, existing studies just analyze the permission specification for Java framework APIs in Android SDK, whereas the permission specification for native framework APIs in Android NDK remains intact. Since more and more apps implement their functionalities using native framework APIs, and the permission specification for these APIs is poorly documented, the permission specification analysis for Android NDK is in urgent need. To fill in the gap, in this paper, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of Android framework and Android kernel to correlate native framework APIs with their required permissions. Applying PSGen to 3 Android systems, including Android 9.0, 10.0, and 11.0, we find that PSGen can precisely build the permission specification. With the help of PSGen, we discover more than 200 native framework APIs that are correlated with at least one permission.
Original languageEnglish
Title of host publicationProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
PublisherIEEE
Pages505-516
Number of pages12
ISBN (Electronic)978-1-6654-0337-5
DOIs
Publication statusPublished - Nov 2021

Publication series

NameProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

Keywords

  • Android
  • Kernel
  • NDK
  • Permission

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Safety, Risk, Reliability and Quality
  • Control and Optimization

Cite this