Assessing the Effectiveness of an LLM-Based Permission Model for Android

Roberto Milanese, Michele Guerra, Michele Daniele, Giovanni Fabbrocino, Fausto Fasano

2025

Abstract

With the widespread use of mobile apps, users are frequently required to make decisions about app permissions. However, most people lack the knowledge to fully understand the consequences of their choices. Apps often request access to sensitive data, sometimes in the background and without clear justification, making users the weakest link in the security chain. This inadvertently exposes them to privacy breaches and malicious activities. Despite improvements, Android’s permission system remains inadequate in helping users make informed, real-time decisions. In this paper, we investigate the feasibility of an approach that addresses this critical gap by leveraging the power of Large Language Models (LLMs) and Multi-Modal Large Language Models (MLLMs). We propose a system that dynamically evaluates permission requests by analyzing the full context of the UI on mobile app screens. Unlike traditional permission models, which rely on static rules or user input, our approach integrates seamlessly into existing systems, interpreting the relationships between UI elements and requested permissions to make informed, real-time decisions about whether the request is necessary or potentially harmful. Our evaluation on 123,552 UI screens from 70 popular Android apps revealed promising results, reaching 81% accuracy. By reducing the cognitive load on users and offering real-time protection against security threats or supporting a more informed choice by the user, our system can enhance existing permission models, providing a step towards smarter and safer mobile ecosystems. This solution paves the way for integrating intelligent permission systems that proactively shield users from risks while ensuring data security without overwhelming them with complex decisions.


Paper Citation


in Harvard Style

Milanese R., Guerra M., Daniele M., Fabbrocino G. and Fasano F. (2025). Assessing the Effectiveness of an LLM-Based Permission Model for Android. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 36-47. DOI: 10.5220/0013128100003899


in Bibtex Style

@conference{icissp25,
author={Roberto Milanese and Michele Guerra and Michele Daniele and Giovanni Fabbrocino and Fausto Fasano},
title={Assessing the Effectiveness of an LLM-Based Permission Model for Android},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={36-47},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013128100003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Assessing the Effectiveness of an LLM-Based Permission Model for Android
SN - 978-989-758-735-1
AU - Milanese R.
AU - Guerra M.
AU - Daniele M.
AU - Fabbrocino G.
AU - Fasano F.
PY - 2025
SP - 36
EP - 47
DO - 10.5220/0013128100003899
PB - SciTePress