CLAP: Mining Android App Descriptions for Permission Requirements Recommendation

During the development or maintenance of an Android app, the developer needs to determine the app's security and privacy requirements, such as its permission requirements. Permission requirements are twofold: (1) which permissions (i.e., access to sensitive resources such as location or the contact list) the app needs to request, and (2) how to explain the reasons for permission usage to users. In this paper, we focus on the challenges that developers face when writing explanations for permission usage. We propose a novel framework, CLAP, that mines potential explanations from the descriptions of similar apps. CLAP leverages information retrieval and text summarization techniques to find frequent permission usages. We evaluate CLAP on a large dataset containing 1.4 million Android apps. The evaluation results show that CLAP outperforms existing state-of-the-art approaches and has great promise for assisting developers in discovering permission requirements.

  • Xueqing Liu, Yue Leng, Wei Yang, Chengxiang Zhai, Tao Xie. Mining Android App Descriptions for Permission Requirements Recommendation. In Proc. of the 26th IEEE International Requirements Engineering Conference (RE 2018), Banff, August 2018.