Correlating UI Contexts with Sensitive API Calls: Dynamic Semantic Extraction and Analysis

2020 
The Android framework provides sensitive APIs for Android apps to access the user’s private information, e.g., SMS, call logs and locations. Whether a sensitive API call in an app is legitimate or not depends on whether the app has provided enough natural-language semantics to reflect the need for the permission. Prior efforts on analyzing description-to-permission fidelity in an app are all static. Some check whether the permissions requested (or sensitive APIs used) by the app are consistent with the functionalities described by the app. These app-level techniques are too coarse-grained, as they cannot tell if a sensitive API call under a certain runtime context, such as a UI state, is legitimate or not. Others attempt to establish this connection by performing a data-flow analysis, but such fine-grained API-level static analyses are too imprecise to handle a variety of dynamic language features used in Android apps, including dynamic class loading, reflection and code obfuscation.

We introduce APICOG, an automated fine-grained API-level approach, representing the first dynamic description-to-permission fidelity analysis for an Android app that can check if a sensitive API call is legitimate or not under a given runtime context. APICOG relates each sensitive API call with a UI state, called its UI context, under which the call is made via dynamic analysis and then extracts the text-based semantics for each UI context from its associated text- and image-typed attributes by applying a natural language processing (NLP) technique. Finally, APICOG relies on machine learning to deduce if a sensitive API call under a UI context is legitimate or not. We have evaluated APICOG with thousands of Android apps drawn from a third-party market and a malware dataset, achieving an accuracy of 97.7%, a precision of 94.1% and a recall of 92.8% overall, outperforming the prior art in all three metrics.