IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android AppsTechnical Track
Many mobile applications (i.e., apps) include UI widgets to use or collect users’ sensitive data. Thus, to identify suspicious sensitive data usage such as UI-permission mismatch, it is crucial to understand the intentions of UI widgets. However, many UI widgets leverage icons of specific shapes (object icons) and icons embedded with text (text icons) to express their intentions, posing challenges for existing detection techniques that analyze only textual data to identify sensitive UI widgets. In this work, we propose a novel app analysis framework, ICONINTENT, that synergistically combines program analysis and icon classification to identify sensitive UI widgets in Android apps. ICONINTENT automatically associates UI widgets and icons via static analysis on app’s UI layout files and code, and then adapts computer vision techniques to classify the associated icons into eight categories of sensitive data. Our evaluations of ICONINTENT on 150 apps from Google Play show that ICONINTENT can detect 248 sensitive UI widgets in 97 apps, achieving a precision of 82.4%. When combined with SUPOR, the state-of-the-art sensitive UI widget identification technique based on text analysis, SUPOR +ICONINTENT can detect 487 sensitive UI widgets (101.2% improvement over SUPOR only), and reduces suspicious permissions to be inspected by 50.7% (129.4% improvement over SUPOR only).
Wed 29 May
16:00 - 18:00: Papers - Mobile Apps at Mansfield / Sherbrooke Chair(s): Sandeep KuttalThe University of Tulsa | ||||||||||||||||||||||||||||||||||||||||||
| 16:00 - 16:20 Talk | Chongbin TangEast China Normal University, Sen ChenEast China Normal University, China/Nanyang Technological University, Singapore, Lingling FanEast China Normal University, China/Nanyang Technological University, Singapore, Lihua Xu, Yang LiuNanyang Technological University, Singapore, Zhushou TangPwnzen Infotech Inc., Liang DouEast China Normal University | |||||||||||||||||||||||||||||||||||||||||
| 16:20 - 16:40 Talk | ||||||||||||||||||||||||||||||||||||||||||
| 16:40 - 17:00 Talk | Taeyeon KiSamsung Research America, Chang Min ParkUniversity at Buffalo, The State University of New York, Karthik DantuUniversity at Buffalo, The State University of New York, Steve KoUniversity at Buffalo, The State University of New York, Lukasz ZiarekSUNY Buffalo, USA | |||||||||||||||||||||||||||||||||||||||||
| 17:00 - 17:20 Talk | Xusheng XiaoCase Western Reserve University, Xiaoyin WangUniversity of Texas at San Antonio, USA, Zhihao CaoCase Western Reserve University, Hanlin WangCase Western Reserve University, Peng GaoPrinceton University Pre-print | |||||||||||||||||||||||||||||||||||||||||
| 17:20 - 17:30 Talk | Safwat HassanQueens University, Kingston, Canada, Cor-Paul BezemerUniversity of Alberta, Canada, Ahmed E. HassanQueen's University | |||||||||||||||||||||||||||||||||||||||||
| 17:30 - 17:40 Talk | Ivano MalavoltaVrije Universiteit Amsterdam, Francesco NoceraPolytechnic University of Bari, Patricia LagoVrije Universiteit Amsterdam, Marina MongielloPolytechnic University of Bari, Italy Pre-print Media Attached | |||||||||||||||||||||||||||||||||||||||||
| 17:40 - 18:00 Talk | ||||||||||||||||||||||||||||||||||||||||||