IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps (Technical Track)
Many mobile applications (i.e., apps) include UI widgets to use or collect users’ sensitive data. Thus, to identify suspicious sensitive data usage such as UI-permission mismatch, it is crucial to understand the intentions of UI widgets. However, many UI widgets leverage icons of specific shapes (object icons) and icons embedded with text (text icons) to express their intentions, posing challenges for existing detection techniques that analyze only textual data to identify sensitive UI widgets. In this work, we propose a novel app analysis framework, ICONINTENT, that synergistically combines program analysis and icon classification to identify sensitive UI widgets in Android apps. ICONINTENT automatically associates UI widgets and icons via static analysis on an app’s UI layout files and code, and then adapts computer vision techniques to classify the associated icons into eight categories of sensitive data. Our evaluations of ICONINTENT on 150 apps from Google Play show that ICONINTENT can detect 248 sensitive UI widgets in 97 apps, achieving a precision of 82.4%. When combined with SUPOR, the state-of-the-art sensitive UI widget identification technique based on text analysis, SUPOR+ICONINTENT can detect 487 sensitive UI widgets (101.2% improvement over SUPOR only), and reduces suspicious permissions to be inspected by 50.7% (129.4% improvement over SUPOR only).
Wed 29 May. Times are displayed in time zone: Eastern Time (US & Canada).
16:00 - 18:00: Mobile Apps (Papers / Journal-First Papers / Technical Track / Software Engineering in Practice / New Ideas and Emerging Results) at Mansfield / Sherbrooke. Chair(s): Sandeep Kuttal (The University of Tulsa)
16:00 - 16:20 Talk | Large-scale Empirical Study on Industrial Fake Apps | SEIP, Industry Program; Software Engineering in Practice | Chongbin Tang (East China Normal University), Sen Chen (Nanyang Technological University, Singapore), Lingling Fan (Nanyang Technological University, Singapore), Lihua Xu, Yang Liu (Nanyang Technological University, Singapore), Zhushou Tang (Pwnzen Infotech Inc.), Liang Dou (East China Normal University)
16:20 - 16:40 Talk | Practical Android Test Recording with Espresso Test Recorder | SEIP, Industry Program; Software Engineering in Practice
16:40 - 17:00 Talk | Mimic: UI Compatibility Testing System for Android Apps | Technical Track | Taeyeon Ki (Samsung Research America), Chang Min Park (University at Buffalo, The State University of New York), Karthik Dantu (University at Buffalo, The State University of New York), Steve Ko (University at Buffalo, The State University of New York), Lukasz Ziarek (SUNY Buffalo, USA)
17:00 - 17:20 Talk | IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps | Technical Track | Xusheng Xiao (Case Western Reserve University), Xiaoyin Wang (University of Texas at San Antonio, USA), Zhihao Cao (Case Western Reserve University), Hanlin Wang (Case Western Reserve University), Peng Gao (Princeton University) | Pre-print
17:20 - 17:30 Talk | Studying Bad Updates of Top Free-to-Download Apps in the Google Play Store | Industry Program, Journal-First; Journal-First Papers | Safwat Hassan (Queen's University, Kingston, Canada), Cor-Paul Bezemer (University of Alberta, Canada), Ahmed E. Hassan (Queen's University)
17:30 - 17:40 Talk | Navigation-aware and Personalized Prefetching of Network Requests in Android Apps | Industry Program, NIER; New Ideas and Emerging Results | Ivano Malavolta (Vrije Universiteit Amsterdam), Francesco Nocera (Polytechnic University of Bari), Patricia Lago (Vrije Universiteit Amsterdam), Marina Mongiello (Polytechnic University of Bari, Italy) | Pre-print, Media Attached
17:40 - 18:00 Talk | Discussion Period | Papers