Skip to main content

AutoCog: Description-to-Permission Fidelity Software

For licensing information, contact:
Michael Moeller, Invention Manager
847-491-4201
michael.moeller@northwestern.edu
For Information, Contact:
Ashley Block
Post Licensing Manager Northwestern University
Innovation & New Ventures Office 847-467-2225 INVOLicenseCompliance@northwestern.edu

NU 2014-055

 

Inventors

Yan Chen*

Vaibhav Rastogi

Zhengyang Qu

 

Short Description

New application designed to assess whether an application description accurately conveys the permissions it requires to function on a smart phone

 

Abstract

Mobile applications on smartphones frequently access sensitive privacy information, such as location data, contacts, photos, calls, text messages, browsing activity etc. These data are captured in detail and sent to enormous databases indefinitely. Although there might not be any malicious intent motivating these actions, users may not be receptive to being tracked without their consent. Often, users do not have enough knowledge to assess the risk a particular application poses to their personal data. Thus, Northwestern University researchers developed a tool to bridge the communication gap between application developers and users about the collection of sensitive privacy information. Their application, called AutoCog, is capable of automatically extracting information from Android application descriptions and permissions to determine how well sensitive permissions to access private data are stated in app descriptions. Permissions that are not described will be classified as questionable, which will help developers improve their descriptions, as well as inform end users of exactly the types of information that a particular application can access on their device.

 

Applications

  • Tool for application developers to assess the quality of descriptions
  • Tool for end users to determine if an application is risky to use

 

Advantages

  • State-of-the-art natural language processing technique
  • High average precision (92.6%) and recall (92%)
  • Generalizable over various permissions

 

Publications

Qu Z, Rastogi V, Zhang X, Chen Y, Zhu T, and Chen Z (2014) AutoCog: Measuring the Description-to-Permission Fidelity in Android Applications. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 1354-1365.

 

IP Status

Provisional US patent application has been filed.

Patent Information:
Categories:

Physical Sciences > Software & Services

Keywords:

Application
Computer software
Cybersecurity
Mobile app