Sharing runtime permission issues for developers based on similar-app review mining

Abstract

The Android operating system introduces an ask-on-first-use permission policy after 6.0 version to regulate access to user data, which raises Permission-Related Issues (PRIS for short). Relevant research has been conducted to identify the PRIS through investigating users’ opinions towards runtime permissions. These efforts mainly focus on helping users understand and be aware of permissions, but neglect to assist developers in discovering permission requirements. In this paper, we propose a novel framework named PRISharer, which mines potential permission issues from the reviews of similar apps to assist developers in discovering possible permission requirements at runtime. PRISharer first builds a deep fine-grained classifier to identify similar apps, and then employs sentiment analysis based keywords extraction to mine permission-related reviews from similar apps’ reviews. Finally, the <category, permission, issues> mappings based on a multi-label learning method are generated to provide a PRIS profile for developers. The results of comparative experiments on more than 12 million reviews of 17,741 Android apps demonstrate that PRISharer achieves (i) superior performance in terms of F1-score for PRIS analysis, with an average improvement of 24.4%, (ii) the best recall (89.3%) in extracting permission-related reviews and (iii) 82.4% positive responses by expert developers, through which the effectiveness of PRISharer is well verified.