Security-oriented view of app behaviour using textual descriptions and user-granted permission requests

Oluwafemi Olukoya, Lewis Mackenzie, Inah Omoronyia

Research output: Contribution to journalArticlepeer-review

16 Citations (Scopus)


One of the major Android security mechanisms for enforcing restrictions on the core facilities of a device that an app can access is permission control. However, there is an enormous amount of risk with regards to granting permissions since 97% of malicious mobile malware targets Android. As malware is becoming more complicated, recent research proposed a promising approach that checks implemented app behaviour against advertised app behaviour for inconsistencies. In this paper, we investigate such inconsistencies by matching the permission an app requests with the natural language descriptions of the app which gives an intuitive idea of user expected behaviour of the app. Then, we propose exploiting an enhanced app description to improve malware detection based on app descriptions and permissions. To evaluate the performance, we carried out various experiments with 56K apks. Our proposed enhancement reduces the false positives of the state-of-the-art approaches, Whyper, AutoCog, CHABADA by at least 87%, and TAPVerifier by at least 57%. We proposed a novel approach for evaluating the robustness of textual descriptions for permission-based malware detection. Our experimental results demonstrate a high detection recall rate of 98.72% on 71 up-to-date malware families and a precision of 90% on obfuscated samples of benign and malware apks. Our results also show that analysing sensitive permissions requested and UI textual descriptions provides a promising avenue for sustainable Android malware detection.
Original languageEnglish
Article number101685
JournalComputers & Security
Early online date06 Dec 2019
Publication statusPublished - Feb 2020
Externally publishedYes


Dive into the research topics of 'Security-oriented view of app behaviour using textual descriptions and user-granted permission requests'. Together they form a unique fingerprint.

Cite this