TY - GEN
T1 - Finding the Missing Piece: Permission Specification Analysis for Android NDK
AU - Zhou, Hao
AU - Wang, Haoyu
AU - Wu, Shuohan
AU - Luo, Xiapu
AU - Zhou, Yajin
AU - Chen, Ting
AU - Wang, Ting
N1 - Funding Information:
We thank the anonymous reviewers for their helpful comments. This research is partially supported by the Hong Kong RGC Project (No. PolyU15223918), Hong Kong ITF Project (No. ITS/197/17FP), and the National Natural Science Foundation of China (No.62072046, 61872057), and National Key R&D Program of China (2018YFB0804100), Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang (No. 2018R01005), and the National Science Foundation under Grant (No. 1951729, 1953813, and 1953893).
Publisher Copyright:
© 2021 IEEE.
PY - 2021/11
Y1 - 2021/11
N2 - The Android research community has long focused on building the permission specification for Android framework APIs, which can be referenced by app developers to request the necessary permissions for their apps. However, existing studies just analyze the permission specification for Java framework APIs in Android SDK, whereas the permission specification for native framework APIs in Android NDK remains intact. Since more and more apps implement their functionalities using native framework APIs, and the permission specification for these APIs is poorly documented, the permission specification analysis for Android NDK is in urgent need. To fill in the gap, in this paper, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of Android framework and Android kernel to correlate native framework APIs with their required permissions. Applying PSGen to 3 Android systems, including Android 9.0, 10.0, and 11.0, we find that PSGen can precisely build the permission specification. With the help of PSGen, we discover more than 200 native framework APIs that are correlated with at least one permission.
AB - The Android research community has long focused on building the permission specification for Android framework APIs, which can be referenced by app developers to request the necessary permissions for their apps. However, existing studies just analyze the permission specification for Java framework APIs in Android SDK, whereas the permission specification for native framework APIs in Android NDK remains intact. Since more and more apps implement their functionalities using native framework APIs, and the permission specification for these APIs is poorly documented, the permission specification analysis for Android NDK is in urgent need. To fill in the gap, in this paper, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of Android framework and Android kernel to correlate native framework APIs with their required permissions. Applying PSGen to 3 Android systems, including Android 9.0, 10.0, and 11.0, we find that PSGen can precisely build the permission specification. With the help of PSGen, we discover more than 200 native framework APIs that are correlated with at least one permission.
KW - Android
KW - Kernel
KW - NDK
KW - Permission
UR - http://www.scopus.com/inward/record.url?scp=85125485336&partnerID=8YFLogxK
U2 - 10.1109/ASE51524.2021.9678843
DO - 10.1109/ASE51524.2021.9678843
M3 - Conference article published in proceeding or book
T3 - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
SP - 505
EP - 516
BT - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
PB - IEEE
ER -