AutoCog:Description-to-Permission Fidelity Software
- Technology Benefits
- State-of-the-artnatural language processing techniqueHigh averageprecision (92.6%) and recall (92%)Generalizableover various permissions
- Detailed Technology Description
- New application designed to assess whether an application description accurately conveys the permissions it requires to function on a smart phone #software #application #security
- *Abstract
-
Mobile applications on smartphones frequently access sensitive privacy information, such as location data, contacts, photos, calls, text messages, browsing activity etc. These data are captured in detail and sent to enormous databases indefinitely. Although there might not be any malicious intent motivating these actions, users may not be receptive to being tracked without their consent. Often, users do not have enough knowledge to assess the risk a particular application poses to their personal data. Thus, Northwestern University researchers developed a tool to bridge the communication gap between application developers and users about the collection of sensitive privacy information. Their application, called AutoCog, is capable of automatically extracting information from Android application descriptions and permissions to determine how well sensitive permissions to access private data are stated in app descriptions. Permissions that are not described will be classified as questionable, which will help developers improve their descriptions, as well as inform end users of exactly the types of information that a particular application can access on their device.
- *Inventors
- Yan Chen*Vaibhav RastogiZhengyang Qu
- *Publications
- Qu Z, Rastogi V, Zhang X,Chen Y, Zhu T, Chen Z (2014). AutoCog: Measuring the Description-to-PermissionFidelity in Android Applications, Proceedingsof the 2014 ACM SIGSAC Conference on Computer and Communications Security, 1354-1365.
- Country/Region
- USA
