WHYPER: Towards Automating Risk Assessment of Mobile Applications
In this paper, the authors present the first step in addressing this challenge. Specifically, they focus on the permissions of a given application and examine whether the application description provides any indication of why the application needs a permission. They present WHYPER, a framework that uses Natural Language Processing (NLP) techniques to identify sentences in an application description that describe the need for a given permission. WHYPER achieves an average precision of 82.8% and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently used security- and privacy-sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.