Towards Speedy Permission-Based Debloating for Android Apps

Ferdian Thung, Jiakun Liu, Pattarakrit Rattanukul, Shahar Maoz, Eran Toch, Debin Gao, David Lo

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.

Original languageEnglish
Title of host publicationProceedings - 2024 IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024
PublisherAssociation for Computing Machinery, Inc
Pages84-87
Number of pages4
ISBN (Electronic)9798400705892
DOIs
StatePublished - 14 Apr 2024
Event11th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024 - Lisbon, Portugal
Duration: 15 Apr 2024 → …

Publication series

NameProceedings - 2024 IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024

Conference

Conference11th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024
Country/TerritoryPortugal
CityLisbon
Period15/04/24 → …

Funding

FundersFunder number
National Research Foundation Singapore
Building and Construction Authority - Singapore
Singapore Management University
Tel Aviv University
Cyber Security Agency of SingaporeNCRP25-P03-NCR-TAU

    Fingerprint

    Dive into the research topics of 'Towards Speedy Permission-Based Debloating for Android Apps'. Together they form a unique fingerprint.

    Cite this