Detecting Inconsistencies between Android App Descriptions and Permissions
Android users are offered a vast number of apps that provide a variety of functionality and assistance in everyday life. Because an app’s functionality can have a strong impact on the user’s privacy, permissions were introduced as a mechanism that protects users’ assets by asking for explicit consent before privacy-sensitive data is accessed. Nevertheless, users often struggle to find a connection between the permissions an app requests and the app’s description.
Reliably identifying whether the need for a permission is justified is a challenging task that we aim to tackle in this project. We propose a novel machine-learning approach that predicts app behavior based on the information provided by developers. We create a dataset of 46 000+ app descriptions and permissions. Furthermore, we design a model using a state-of-the-art Transformer that identifies whether, and to what extent, the need for a permission is outlined in the description of the app.