Official Android permission documentation is inaccurate and incomplete, leading developers to request unnecessary or inappropriate permissions—introducing security risks. Existing static/dynamic analysis approaches for API-permission mapping suffer from poor adaptability across Android versions, low coverage, and frequent omission of implicit associations. This paper proposes an LLM-driven intelligent mapping discovery framework: it employs a dual-role prompting strategy to enhance semantic understanding and integrates API-driven code generation with static analysis to systematically uncover implicit mappings between sensitive APIs and permissions. The method exhibits strong version adaptability and extensibility, discovering 2,234, 3,552, and 4,576 novel API-permission mappings on Android 6, 7, and 10, respectively—substantially outperforming state-of-the-art tools. By significantly improving the accuracy and security of permission declarations, our approach advances practical permission management in Android development.

The permission mechanism in the Android Framework is integral to safeguarding the privacy of users by managing users' and processes' access to sensitive resources and operations. As such, developers need to be equipped with an in-depth understanding of API permissions to build robust Android apps. Unfortunately, the official API documentation by Android chronically suffers from imprecision and incompleteness, causing developers to spend significant effort to accurately discern necessary permissions. This potentially leads to incorrect permission declarations in Android app development, potentially resulting in security violations and app failures. Recent efforts in improving permission specification primarily leverage static and dynamic code analyses to uncover API-permission mappings within the Android framework. Yet, these methodologies encounter substantial shortcomings, including poor adaptability to Android SDK and Framework updates, restricted code coverage, and a propensity to overlook essential API-permission mappings in intricate codebases. This paper introduces a pioneering approach utilizing large language models (LLMs) for a systematic examination of API-permission mappings. In addition to employing LLMs, we integrate a dual-role prompting strategy and an API-driven code generation approach into our mapping discovery pipeline, resulting in the development of the corresponding tool, ool{}. We formulate three research questions to evaluate the efficacy of ool{} against state-of-the-art baselines, assess the completeness of official SDK documentation, and analyze the evolution of permission-required APIs across different SDK releases. Our experimental results reveal that ool{} identifies 2,234, 3,552, and 4,576 API-permission mappings in Android versions 6, 7, and 10 respectively, substantially outprforming existing baselines.