Paper citation:

Yang, Shao, Yuehan Wang, Yuan Yao, Haoyu Wang, Yanfang Ye, and Xusheng Xiao. “DescribeCtx: context-aware description synthesis for sensitive behaviors in mobile apps.” In Proceedings of the 44th International Conference on Software Engineering, pp. 685–697. 2022.

Summary:

Generate app description given the code, GUI text, and requested permissions.

Approach:

1. Extract features from code

  1. Create an inter-component call graph (ICCG), whose nodes are methods and whose edges are call relations.
  2. Prune from the graph any node that is neither a sensitive API nor on a path from an entry point to a sensitive API; the resulting graph is the Permission-Protected-API Call Graph (PACG).
  3. Convert the graph to a sequence of words by splitting method names on camel case (getLastKnownLocation becomes get, last, known, location) and removing any obfuscated method names (names that are too short, like a or b, or that are not in a dictionary).

2. Extract features from GUI

  1. Find activities whose methods are in the PACG, and scan each such activity for all the layout files it loads.
  2. Parse the layout files to extract text (text views, button names, image names, …).
  3. If a sensitive API has no related activity in its PACG, GUI text is borrowed from similar apps: TF-IDF similarity is computed between the text extracted from the call graph and the GUI text of other apps that request the same permission.

3. Extract features from permission policy

  1. From the app description permission policy (where developers indicate why the permissions are needed), use NLP to extract the text related to each permission.
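The pipeline above (ICCG pruning to a PACG, camel-case word extraction with obfuscated-name filtering, and the TF-IDF fallback to similar apps' GUI text) written out as a runnable example. This is added illustration code, not the DescribeCtx authors' implementation: the call graph, entry points, sensitive API list, dictionary and the two candidate apps' GUI text are all constructed toy data, and the TF-IDF weighting (smoothed idf, cosine similarity) is an assumed choice since the paper summary does not state one.

```python
import math
import re
from collections import Counter, deque

# Constructed toy inter-component call graph: caller -> list of callees.
CALL_GRAPH = {
    "MainActivity.onCreate": ["MainActivity.setupUi", "LocationHelper.fetch", "a.b"],
    "MainActivity.setupUi": ["MainActivity.showDialog"],
    "MainActivity.showDialog": [],
    "LocationHelper.fetch": ["a.b", "LocationHelper.requestUpdates"],
    "a.b": ["LocationManager.getLastKnownLocation"],          # obfuscated method name
    "LocationHelper.requestUpdates": ["LocationManager.requestLocationUpdates"],
    "LocationManager.getLastKnownLocation": [],
    "LocationManager.requestLocationUpdates": [],
    "SettingsActivity.onCreate": ["SettingsActivity.loadPrefs"],
    "SettingsActivity.loadPrefs": [],
}
ENTRY_POINTS = {"MainActivity.onCreate", "SettingsActivity.onCreate"}
SENSITIVE_APIS = {"LocationManager.getLastKnownLocation",
                  "LocationManager.requestLocationUpdates"}
# Constructed mini dictionary standing in for a real English word list.
DICTIONARY = {"create", "fetch", "request", "updates", "get", "last", "known",
              "location", "setup", "show", "dialog", "load", "prefs"}
# Constructed GUI text of other apps that request the location permission.
SIMILAR_APP_GUI = {
    "weather_app": ["current", "location", "forecast", "update", "location"],
    "flashlight_app": ["torch", "brightness", "toggle"],
}


def reachable(adjacency, starts):
    """Breadth-first search: every node reachable from any node in `starts`."""
    seen = set(starts)
    queue = deque(starts)
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def reverse_graph(graph):
    rev = {n: [] for n in graph}
    for caller, callees in graph.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    return rev


def build_pacg(graph, entries, sensitive):
    """Keep only nodes lying on some path from an entry point to a sensitive API."""
    forward = reachable(graph, entries)            # reachable from an entry point
    backward = reachable(reverse_graph(graph), sensitive)  # can reach a sensitive API
    keep = forward & backward
    return {n: [c for c in graph[n] if c in keep] for n in graph if n in keep}


def split_camel(name):
    """getLastKnownLocation -> ['get', 'last', 'known', 'location']; handles URLConnection too."""
    return [t.lower() for t in re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+", name)]


def pacg_to_words(pacg, dictionary, min_len=3):
    """Flatten the PACG into a word sequence, dropping short or non-dictionary tokens."""
    words = []
    for method in pacg:
        simple_name = method.rsplit(".", 1)[-1]   # strip the class prefix
        for tok in split_camel(simple_name):
            if len(tok) >= min_len and tok in dictionary:
                words.append(tok)
    return words


def tfidf_vectors(docs):
    """docs: name -> token list. Returns name -> {token: smoothed tf-idf weight}."""
    n = len(docs)
    df = Counter()
    for toks in docs.values():
        df.update(set(toks))
    vecs = {}
    for name, toks in docs.items():
        tf = Counter(toks)
        vecs[name] = {t: (c / len(toks)) * (math.log((1 + n) / (1 + df[t])) + 1)
                      for t, c in tf.items()}
    return vecs


def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def most_similar_app(query_tokens, candidate_gui_text):
    """Fallback for a PACG with no activity: pick the app whose GUI text best matches it."""
    docs = {"__query__": query_tokens, **candidate_gui_text}
    vecs = tfidf_vectors(docs)
    return max(candidate_gui_text, key=lambda app: cosine(vecs["__query__"], vecs[app]))


if __name__ == "__main__":
    pacg = build_pacg(CALL_GRAPH, ENTRY_POINTS, SENSITIVE_APIS)
    words = pacg_to_words(pacg, DICTIONARY)
    print("PACG nodes:", sorted(pacg))
    print("words:", words)
    print("borrow GUI text from:", most_similar_app(words, SIMILAR_APP_GUI))
```

Note that the pruning keeps `a.b` as a graph node (it is on the path to `getLastKnownLocation`) but its one-letter name contributes no words, which is exactly the blind spot the "cons" below point at: obfuscated paths survive structurally but carry no descriptive text.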

My thoughts:

1. The pros

  • Takes into account methods that lead to sensitive APIs and related texts

2. The cons

  • When sensitive APIs are not triggered by activities, GUI text is extracted from “similar” apps that have similar graphs, this could cause false positives
  • Does not take into account non-sensitive APIs or obfuscated code
  • Relies on developers to write trustworthy permission policies
