Android Permission Usage: a First Step towards Detecting Abusive Applications

Thousands of mobile applications are available on mobile markets and actively used everyday. One of the mobile market leaders – Android – does not verify the security of applications published on its market and assumes that users will carefully judge the applications themselves using the information available on the marketplace. A common assumption is that the list of permissions associated with each application provides users with security and privacy indications, but previous works have shown that users are barely able to understand and analyse those permission lists. Very few works propose solutions that could help users in deciding whether or not to install an application. Despite Android permissions’ lack of user-friendliness, they are an impor- tant source of information. In this work, we analyse permissions used by a large set of applications for different Android market categories and define the core permission patterns characterising each one. The patterns obtained are a first step towards building an indicator for detecting normal and possibly over-privileged applications on the market.