Mapping between Android permissions (that we define in the manisfest file ) to corresponding API calls /methods

The mapping is not provided by Google, but two three major research studies have been attempted to recover this information.

The first study was done by Berkeley using a dynamic analysis technique to mine the mapping from Android 2.2. They created an online tool where you can submit your app for some analysis (now offline).

The second study was done by the University of Toronto. They used a static analysis approach to mine the mappings from a few representative versions of Android (2.2.3, 2.3.6, 3.2.2, 4.0.1, and 4.1.1). Note that it appears that PScout is now being actively maintained again by the authors and there are current mappings available.

Both of these tools have some caveats as discussed by the papers and as a result the mappings produced are not perfect, but it is better than nothing.


Update: PScout is no longer being actively maintained. A group in Germany at Saarland University was able make some improvements on PScout and produce published mapping results for Android APIs 16, 17, 18, 19, 21, 22, and 23. The tool source does not appear to be available.


Link: Berkeley Paper (Android Permissions Demystified)

Link: Berkeley Stowaway Tool (tool appears to be permanently offline now, and the authors now recommend using PScout results for analysis)

Link: Toronto Paper (PScout: Analyzing the Android Permission Specification)

Link: Toronto PScout Tool

Link: PScout II on Github

Link: Saarland University Paper (axplorer: On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis)

Link: axplorer Permission Mapping Results


Update: Shameless self-promotion of my Android Essentials Toolbox open source Eclipse plugin that can be used to apply the permission mappings in the Atlas visual program analysis framework. Permission mappings are based on PScout and axplorer results and can be applied to Android source or binary projects. A UI is included for browsing the permission mappings (used permissions are highlighted red).

enter image description here