Semantic-aware Comment Analysis Approach for API Permission Mapping on Android

As Android platform is protected by permissions, which is one of the most powerful access control models of Android, it is possible to restrict the use of certain sensitive APIs. In contrast, many applications declare permissions more than they need, requiring API permission specification to detect these cases. However, prominent previous research has not been focused on java documents or comment from Android developers, despite a lot of information. To address this problem, we propose a novel method to analyze naturally written comments from Android developers for API permission map construction. We extract all comments and java documents from raw Android source code and extract permission information using natural language processing techniques. At the same time, we parse naturally written source code and extract API signature, to perform the mapping between permission. Moreover, we categorize all permissions and APIs according to their behavior explained in the comment to measure the potential risk level resulted from misuse. Our experiment on Android 10, which is the latest version, mapped 3,012 APIs with permission, and categorized semantically with seven different categories.