Design And Implementation Of An Intent-based Privacy Scoring Tool For Mobile Applications

With the rapid development of sart devices and mobile applications,cell phones and apps are gradually becoming a part of people’s lives.However,there are numerous incidents of apps over-applying permissions and over-collecting users’ private data information.Although app stores have displayed and simplified permission and privacy data access statements,it is difficult for ordinary users to judge whether the intention of an application to apply for permission is reasonable due to the lack of professional knowledge,as the reasonableness of the applied permission is related to its usage intention.Therefore,this paper proposes an intent-based privacy scoring tool for mobile applications to provide security recommendations to users and reduce the risk of privacy leakage.The main work and innovation points are as follows:(1)proposes an intent annotation method based on the functional cluster division of massive application descriptions.1.92 million applications and their descriptions were crawled by crawler tools,and 1.18 million valid application description datasets were obtained after natural language text processing.The applications in the dataset are divided into 214 functional clusters using LDA topic model and K-means clustering algorithm,and their intentions are labeled with the topic words of each cluster.(2)Propose a permission intent identification method based on thirdparty library whitelist and application intent.732 representative applications are selected from 1.18 million applications,and the permissions in their code are analyzed using static analysis techniques,combined with a self-built Android third-party library whitelist containing 305 third-party libraries of 7 intents and application intents to achieve the identification of application permission intents.(3)A privacy scoring tool based on permission intent is designed and implemented.The obtained permission intent identification results of representative applications are publicly released in the form of a survey questionnaire to collect users’ privacy scores for use as learning samples in the XGBoost prediction model to achieve accurate scores for mobile application privacy.