A comprehensive study of permission usage on android

Nowadays, redundant permissions and probing permissions are common in Android applications and third-party libraries, which may cause massive security threats to their users. Existing tools used for permission analysis may introduce incorrect detection results, due to their regardless of the relationships between permissions and the values of function parameters and fields. In order to extract the exact used permissions in Android applications and third-party libraries, we propose a Dalvik register-based data flow analysis technique (DARFA) to get the parameter values of function parameters and fields. By leveraging DARFA, we design and implement PermHunter, a static analysis tool, to detect redundant permissions and probing permissions in Android apps and third-party libraries. We have evaluated PermHunter by analyzing 45 third-party libraries and 653 applications. These results indicate that nearly half of these third-party libraries have redundant permissions and probing permissions, and the proportions in Android applications are even higher.