Collaborative Research: SaTC: CORE: Small: Toward Personalized and Trustworthy Mobile App Recommendations via Grounding App Behaviors

The rapid growth of mobile apps has made them an integral part of daily life. However, the overwhelming number of available options and rising security concerns make it challenging for users to choose apps that are not only safe but also match their preferences. While traditional recommendation systems help alleviate users’ cognitive overload by suggesting personalized options, they often fail to account for security-related risks, potentially exposing users to harmful apps. Therefore, there is a critical need to develop new approaches that prioritize the safety of apps and the alignment with users’ preferences based on their historical interactions. To tackle this pressing challenge, this proposal aims to synergize the strengths of Large Language Models (LLMs) and program analysis to enhance mobile app recommendations. First, we will develop an accessible static analysis tool to analyze app actions for security and privacy risks. Then, we will design an LLM-based deep reinforcement learning (DRL) framework to ground app behaviors using the ?ndings of static analyses and by simulating user interactions with apps. Finally, we will build a conversational recom- mendation system that nudges the recommendations toward safer apps while addressing users’ preferences and communicating the outcomes of complex program analyses in accessible natural language. Intellectual Merit We plan to realize the above via three research tasks. (i) We seek to advance static analysis by introducing new program slicing techniques for mobile apps that focus on user-interpretable actions, integrate permissions awareness, and account for critical code in life-cycle and event callbacks, as well as inter-component communication. The proposed approach can produce accessible ?ndings that enhance end-user understanding of app actions and associated risks. (ii) Our DRL framework aims to ground app behaviors via simulated user interactions with apps by addressing the limitations of state-of-the-art agents that are typically restricted to single-step interactions and face challenges with new, unseen con?gurations. We plan to realize this contribution by developing multi-step DRL agents that combine the strengths of both of?ine and online DRL algorithms. (iii) Finally, this proposal will introduce a new class of recommender systems that can seamlessly integrate security considerations into the recommendation process by enabling targeted interventions on user preferences. This contribution will enhance user safety while maintaining user satisfaction by balancing security with personalized recommendations. The contributions outlined in this proposal will establish a strong foundation for developing multi-step agents that can automatically validate previously unobserved system behaviors, integrate comprehensive, often con?icting, analysis ?ndings, and interactively present the results in accessible natural language. Broader Impact Bene?ts to Society: This project will enhance user safety from security and privacy threats by offering secure and personalized mobile app recommendations. Additionally, it will promote digital literacy by translating complex app behaviors and analysis ?ndings into accessible natural language for everyday users. EPSCoR: Both Louisiana State University (LSU) and the University of Kentucky (UKY) are located in EPSCoR-eligible regions. This project will enable the PIs to establish strong research programs and train students in AI/ML and program analysis. Consequently, it will enhance Louisiana and Kentucky’s computing education and research capabilities and promote long-term growth and competitiveness. BPC Plan: This project aims to broaden participation in computing by hosting educational and informa- tional seminars for K-12 students, including those at Westdale Middle School (69% African-American) in Baton Rouge, LA, and Cardinal Valley Elementary (73% Hispanic) in Lexington, KY. Benchmarks and Dissemination: This project will establish benchmarks for future research and compar- isons, and disseminate ?ndings through publications and presentations at AI/ML and PL/SE conferences. Research-Integrated Curriculum. We plan to integrate our research ?ndings into relevant graduate and undergraduate courses – SE (CSC 7135) at LSU and ML (CS 460G) at UKY – taught by the PIs. Keywords: Software; Data Science, ML and AI.