TY - GEN
T1 - Towards Speedy Permission-Based Debloating for Android Apps
AU - Thung, Ferdian
AU - Liu, Jiakun
AU - Rattanukul, Pattarakrit
AU - Maoz, Shahar
AU - Toch, Eran
AU - Gao, Debin
AU - Lo, David
N1 - Publisher Copyright:
© 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/4/14
Y1 - 2024/4/14
N2 - Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.
AB - Android apps typically include many functionalities that not all users require. These result in software bloat that increases possible attack surface and app size. Common functionalities that users may not require are related to permissions that they intend to disallow in the first place. As these permissions are disallowed, their related code would never be executed and therefore can be safely removed. Existing work has proposed a solution to debloat Android apps according to the disallowed permissions. However, for large and complex applications, the debloating process could take hours, typically due the long time that may be needed to construct call graph for analysis. In this work, we propose MiniAppPerm, that speeds up the permission-based debloating by constructing a partial call graph instead of a complete call graph. Our preliminary experiments on a set of apps in Google Play show that MiniAppPerm can reduce the call graph construction time by up to 85.3%. We also checked that the debloated apps can run without crashes.
UR - http://www.scopus.com/inward/record.url?scp=85196370900&partnerID=8YFLogxK
U2 - 10.1145/3647632.3651390
DO - 10.1145/3647632.3651390
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85196370900
T3 - Proceedings - 2024 IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024
SP - 84
EP - 87
BT - Proceedings - 2024 IEEE/ACM 11th International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024
PB - Association for Computing Machinery, Inc
T2 - 11th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2024
Y2 - 15 April 2024
ER -