Automated Detection and Repair of Incompatible Uses of Runtime Permissions in Android Apps

摘要

The runtime permission model of Android enhances security yet also constitutes a source of incompatibility issues that impedes the productivity of mobile developers. This paper presents a novel analysis that detects the incompatible permission uses in a given app and repairs them when found, hence automatically adapting the app to the runtime permission model. The key approach is to check and enforce the app's conformance to the runtime permission use protocol through static control flow analysis and bytecode transformation. We implemented our technique as an open-source tool, ARPDroid, and initially evaluated it on 20 incompatible and 3 compatible real-world apps, assisted by manual ground truth and verification. Our results show that ARPDroid achieved 100% detection accuracy, 90% repair success rate, and 91.3% overall adaptation success rate at an average time cost of about two minutes.