skzhangPKU/APIMind

APIMind


APIMind is an automated tool for assessing description-to-permission fidelity in Android apps, that is, whether the sensitive permissions an app actually uses match what its description leads users to expect. The tool consists of two modules: Trigger and Fidelity Analyzer. Trigger uses a reinforcement-learning model to explore app activities while monitoring accesses to sensitive APIs, i.e. APIs that require sensitive permissions. Fidelity Analyzer then uses an extended analysis tool to check whether an activity accesses more sensitive permissions than users would expect from the description.

Framework:

Getting Started


These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites


  • A rooted Google Pixel 5 device
  • If you are not using a Google Pixel 5, a Frida build (frida-server on the device and the matching client on the host) that corresponds to your device and Android version
  • Python >= 3.7.3
  • Required Python packages (see requirements.txt)

Installation


  1. Download the APIMind GitHub repository to your local machine.
  2. Install required dependencies by running the following command:
    pip install -r requirements.txt
  3. Please note that if you are using an emulator or another rooted device instead of a Google Pixel 5, you must download the Frida version appropriate for that device. With a mismatched Frida version the project will not launch successfully.

Usage

  1. Connect your rooted Google Pixel 5 mobile device to your local machine and enable USB debugging.
  2. Run the Trigger module to monitor and record app activity and sensitive API access.
    cd Trigger
    python trigger.py
  3. Use the recorded data as input for the Fidelity Analyzer module to evaluate whether an app activity accesses more sensitive permissions than users expect. Please note that Fidelity Analyzer's results vary slightly between runs. The log of the Fidelity Analyzer results reported in our paper is provided in gb2.log.
    cd FidelityAnalyzer
    python fidelity_analyzer.py
  4. Analyze the output report generated by the Fidelity Analyzer module to assess description-to-permission fidelity.
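Before running Trigger it is worth checking the prerequisites above in one place: exactly one authorized adb device, a root shell on it, Python at or above the required 3.7.3, and a frida-server on the device whose version equals the frida Python package on the host, which is the mismatch that makes the project fail to launch. The preflight script below is an added example and not part of the APIMind repository. It assumes frida-server was pushed to /data/local/tmp/frida-server (override with FRIDA_SERVER_PATH) and that Trigger uses the frida Python package on the host; neither is stated in the README, so both are assumptions.

```shell
#!/bin/sh
# Preflight check for the APIMind workflow (added example, not APIMind's own code).
# Live checks run only with "--run"; the helper functions are pure so they can be
# exercised on captured adb/frida output without a device attached.
#
# Assumptions not stated by the README: frida-server lives at FRIDA_SERVER_PATH on
# the device, and the host-side client is the Python "frida" package.
FRIDA_SERVER_PATH="${FRIDA_SERVER_PATH:-/data/local/tmp/frida-server}"
MIN_PYTHON="3.7.3"

# count_ready_devices: given the text of `adb devices`, print how many entries are in
# the "device" state. "unauthorized" (RSA prompt not accepted) and "offline" do not count.
count_ready_devices() {
    printf '%s\n' "$1" | awk 'NR > 1 { sub(/\r$/, "") }
                              NR > 1 && NF >= 2 && $2 == "device" { n++ }
                              END { print n + 0 }'
}

# shell_is_root: given the output of `adb shell su -c id`, succeed only for uid 0.
shell_is_root() {
    case "$(printf '%s' "$1" | tr -d '\r')" in
        "uid=0("*) return 0 ;;
        *)         return 1 ;;
    esac
}

# version_ge A B: succeed if dotted version A >= B (compares the first three fields).
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { for (i = 1; i <= 3; i++) a[i] = $i + 0 }
        NR == 2 { for (i = 1; i <= 3; i++) b[i] = $i + 0
                  for (i = 1; i <= 3; i++) { if (a[i] > b[i]) exit 0; if (a[i] < b[i]) exit 1 }
                  exit 0 }'
}

# frida_versions_match CLIENT SERVER: succeed only if both are non-empty and identical
# after stripping the CR that older adb versions append to device output.
frida_versions_match() {
    c=$(printf '%s' "$1" | tr -d '\r' | awk 'NR == 1 { print $1 }')
    s=$(printf '%s' "$2" | tr -d '\r' | awk 'NR == 1 { print $1 }')
    [ -n "$c" ] && [ "$c" = "$s" ]
}

# preflight: run the live checks against the attached device and host toolchain.
preflight() {
    rc=0
    devices=$(adb devices 2>/dev/null) || { echo "FAIL: adb not found or not runnable" >&2; return 1; }
    n=$(count_ready_devices "$devices")
    case "$n" in
        1) echo "ok: one authorized device" ;;
        0) echo "FAIL: no authorized device (enable USB debugging and accept the RSA prompt)" >&2; return 1 ;;
        *) echo "FAIL: $n devices attached; export ANDROID_SERIAL to pick one" >&2; return 1 ;;
    esac

    if shell_is_root "$(adb shell su -c id 2>/dev/null)"; then
        echo "ok: root shell available"
    else
        echo "FAIL: su did not yield uid 0; the device must be rooted" >&2; rc=1
    fi

    pyver=$(python3 -c 'import platform; print(platform.python_version())' 2>/dev/null)
    if version_ge "${pyver:-0.0.0}" "$MIN_PYTHON"; then
        echo "ok: python $pyver >= $MIN_PYTHON"
    else
        echo "FAIL: python ${pyver:-missing} is older than $MIN_PYTHON" >&2; rc=1
    fi

    client=$(python3 -c 'import frida; print(frida.__version__)' 2>/dev/null)
    server=$(adb shell "$FRIDA_SERVER_PATH" --version 2>/dev/null)
    if frida_versions_match "$client" "$server"; then
        echo "ok: frida client and frida-server both at $client"
    else
        echo "FAIL: frida client '${client:-missing}' != frida-server '${server:-missing}' at $FRIDA_SERVER_PATH" >&2; rc=1
    fi
    return $rc
}

[ "${1:-}" = "--run" ] && preflight
```

Run it as `sh preflight.sh --run` from the host with the device attached; a non-zero exit means Trigger should not be started yet. The version comparison is exact on purpose: Frida's client and server must be the same release, so "close enough" is not a useful notion here.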

Example:

When it runs successfully, Trigger prints output like the figure below.

The output of Fidelity Analyzer is shown in the figure below.

License

This project is licensed under the MIT License.

Acknowledgements

We would like to thank the anonymous reviewers for their valuable feedback and suggestions.

Contact

If you have any questions or suggestions, please feel free to contact us.
