IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android AppsTechnical Track
Many mobile applications (i.e., apps) include UI widgets to use or collect users’ sensitive data. Thus, to identify suspicious sensitive data usage such as UI-permission mismatch, it is crucial to understand the intentions of UI widgets. However, many UI widgets leverage icons of specific shapes (object icons) and icons embedded with text (text icons) to express their intentions, posing challenges for existing detection techniques that analyze only textual data to identify sensitive UI widgets. In this work, we propose a novel app analysis framework, ICONINTENT, that synergistically combines program analysis and icon classification to identify sensitive UI widgets in Android apps. ICONINTENT automatically associates UI widgets and icons via static analysis on app’s UI layout files and code, and then adapts computer vision techniques to classify the associated icons into eight categories of sensitive data. Our evaluations of ICONINTENT on 150 apps from Google Play show that ICONINTENT can detect 248 sensitive UI widgets in 97 apps, achieving a precision of 82.4%. When combined with SUPOR, the state-of-the-art sensitive UI widget identification technique based on text analysis, SUPOR +ICONINTENT can detect 487 sensitive UI widgets (101.2% improvement over SUPOR only), and reduces suspicious permissions to be inspected by 50.7% (129.4% improvement over SUPOR only).
Wed 29 MayDisplayed time zone: Eastern Time (US & Canada) change
16:00 - 18:00 | Mobile AppsJournal-First Papers / Technical Track / Software Engineering in Practice / Papers / New Ideas and Emerging Results at Mansfield / Sherbrooke Chair(s): Sandeep Kuttal The University of Tulsa | ||
16:00 20mTalk | Large-scale Empirical Study on Industrial Fake AppsSEIPIndustry Program Software Engineering in Practice Chongbin Tang East China Normal University, Sen Chen Nanyang Technological University, Singapore, Lingling Fan Nanyang Technological University, Singapore, Lihua Xu , Yang Liu Nanyang Technological University, Singapore, Zhushou Tang Pwnzen Infotech Inc., Liang Dou East China Normal University | ||
16:20 20mTalk | Practical Android Test Recording with Espresso Test RecorderSEIPIndustry Program Software Engineering in Practice | ||
16:40 20mTalk | Mimic: UI Compatibility Testing System for Android AppsTechnical Track Technical Track Taeyeon Ki Samsung Research America, Chang Min Park University at Buffalo, The State University of New York, Karthik Dantu University at Buffalo, The State University of New York, Steve Ko University at Buffalo, The State University of New York, Lukasz Ziarek SUNY Buffalo, USA | ||
17:00 20mTalk | IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android AppsTechnical Track Technical Track Xusheng Xiao Case Western Reserve University, Xiaoyin Wang University of Texas at San Antonio, USA, Zhihao Cao Case Western Reserve University, Hanlin Wang Case Western Reserve University, Peng Gao Princeton University Pre-print | ||
17:20 10mTalk | Studying Bad Updates of Top Free-to-Download Apps in the Google Play StoreIndustry ProgramJournal-First Journal-First Papers Safwat Hassan Queens University, Kingston, Canada, Cor-Paul Bezemer University of Alberta, Canada, Ahmed E. Hassan Queen's University | ||
17:30 10mTalk | Navigation-aware and Personalized Prefetching of Network Requests in Android AppsIndustry ProgramNIER New Ideas and Emerging Results Ivano Malavolta Vrije Universiteit Amsterdam, Francesco Nocera Polytechnic University of Bari, Patricia Lago Vrije Universiteit Amsterdam, Marina Mongiello Polytechnic University of Bari, Italy Pre-print Media Attached | ||
17:40 20mTalk | Discussion Period Papers | ||