The Android research community has long focused on building the permission specification for Android framework APIs, which can be referenced by app developers to request the necessary permissions for their apps. However, existing studies just analyze the permission specification for Java framework APIs in Android SDK, whereas the permission specification for native framework APIs in Android NDK remains intact. Since more and more apps implement their functionalities using native framework APIs, and the permission specification for these APIs is poorly documented, the permission specification analysis for Android NDK is in urgent need. To fill in the gap, in this paper, we conduct the first permission specification analysis for Android NDK. In particular, to automatically generate the permission specification for Android NDK, we design and develop PSGen, a new tool that statically analyzes the implementation of Android framework and Android kernel to correlate native framework APIs with their required permissions. Applying PSGen to 3 Android systems, including Android 9.0, 10.0, and 11.0, we find that PSGen can precisely build the permission specification. With the help of PSGen, we discover more than 200 native framework APIs that are correlated with at least one permission.
|Title of host publication||Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021|
|Number of pages||12|
|Publication status||Published - Nov 2021|
|Name||Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021|
- Artificial Intelligence
- Safety, Risk, Reliability and Quality
- Control and Optimization