
CRII: SaTC: Enhancing Mobile App Security by Detecting Icon-Behavior Contradiction

$190,923 | FY2018 | CSE | NSF

Case Western Reserve University, Cleveland OH

Investigators

Abstract

Mobile applications (i.e., apps) are becoming a critical part of our daily lives. While these apps provide better customized services using users' personal data, certain behavior of the apps is less than desirable or harmful. For example, if an app's user interface (UI) has no text or images to indicate that it will access users' personal data (e.g., GPS data), but the app discloses users' personal data when an action is performed (e.g., pressing a button), then red flags should be raised. Thus, it is crucial to understand the intents of the app to determine whether the app will perform within the user's expectation. Various research efforts have been dedicated to understanding apps' intents by analyzing the semantics of text in the UI. However, images, especially icons, remain unexplored. In apps' UIs, icons are often used in interactive widgets (e.g., buttons) to express the intent to use sensitive data. It is often difficult to analyze the semantics of icons due to the variety of image styles and the lack of descriptive text. The proposed research will build a knowledge base of icons' semantics by collecting icons from apps in major smartphone markets, and develop a framework to infer the semantics of icons based on the collected icons. More specifically, the PI proposes to adapt computer vision techniques to develop icon recognition techniques that identify similar icons based on the collected icons, and to leverage program analysis techniques to check the compatibility between the icons and the program behaviors. Furthermore, this research will combine the semantics of both text and icons to better detect undesired behavior in apps. The proposed research in understanding apps' intents improves mobile app security, which will have tremendous economic impact on society due to our increasing reliance on mobile apps. The proposed techniques will also benefit the security analysis of other event-driven GUI software applications, such as desktop applications, wearable apps, and web apps.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
