A detailed study on risk assessment of mobile app permissions

 
 
 
  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract


    Mobile phone have user’s personal and private information. When mobile applications have the permission to access to this information they may leak it to third parties without user’s consent for their own benefits. As users are not aware of how their personal information would be used once applications are installed and permissions are granted, this raises a potential privacy concern. Therefore, there is a need for a risk assessment model that can intimate the users about the threats the mobile application poses to the user's private information. We propose an approach that helps in increasing user’s awareness of the privacy risk involved with granting permissions to Android applications. The proposed model focuses on the requested permissions of the application and determines the risk based on the permission set asked and gives a risk score.


  • Keywords


    Risk Assessment; Android; Applications; Privacy Leakage; App Permissions.

  • References


      [1] Wei Wang, Xing Wang, Dawei Feng, Jiqiang Liu, Zhen Han, and Xiangliang Zhang , "Exploring Permission-induced Risk in Android Applications for Malicious Application Detection " in IEEE transactions on information forensics and security in 2015

      [2] Mylonas, A., et al., A qualitative metrics vector for the awareness of smartphone security users, in Proceedings of Trust, privacy, and security in digital business, 2013, pp.173-184.

      [3] Mylonas, A., et al., Delegate the smartphone user? Security awareness in smartphone platforms, Computers & Security, 2013, pp.47-66.https://doi.org/10.1016/j.cose.2012.11.004.

      [4] Google: Privacy policies for android apps developed by third parties 2013, Retrieved 2016, from https:// support.google.com/googleplay/answer/2666094?hl=en

      [5] Commission Nationale de l’Informatique et des Libertés (CNIL), Methodology for Privacy Risk Management, 2012.

      [6] Gibler, C. et al., Androidleaks: Automatically detecting potential privacy leaks in android applications on a large scale, in Proceedings of the 5th International Conference on Trust andTrustworthy Computing, Vienna, Austria, 2012.https://doi.org/10.1007/978-3-642-30921-2_17.

      [7] T.-E. Wei, A. B. Jeng, H.-M. Lee, C.-H. Chen, and C.-W. Tien, “Android Privacy,” in Proc. Int. Conf. Mach. Learn. Cybern., Xian, China, Jul. 15–17, 2012, pp. 1830–1837.

      [8] T. Isohara, K. Takemori, and A. Kubota, “Kernel-based behavior analysis for android malware detection,” in Proc. 7th Int. Conf. Comput. Intell.Security, 2011, pp. 1011–1015.https://doi.org/10.1109/CIS.2011.226.

      [9] M. Tschersicha et al., “Towards privacy-enhanced mobile communities— Architecture, concepts and user trials,” J. Syst. Softw., vol. 84, no. 11, Nov. 2011.https://doi.org/10.1016/j.jss.2011.06.048.

      [10] W. B. Tesfay, T. Booth, and K. Andersson, “Reputation based security model for android applications,” in Proc. IEEE 11th Int. Conf. Trust, Security Privacy Comput. Commun, 2012, pp. 896–901.https://doi.org/10.1109/TrustCom.2012.236.

      [11] N. A. Mutawa, I. Baggili, and A. Marrington, “Forensic analysis of social networking applications on mobile devices,” Digit. Investigation, vol. 9, pp. 24–33, Aug. 2012.https://doi.org/10.1016/j.diin.2012.05.007.

      [12] A. Shabtai and Y. Elovici, “Applying behavioral detection on androidbased devices,” in Proc. Mobilware, vol. 48, Lecture Notes of the Institute for Computer Sciences, 2010, pp. 235–249.

      [13] A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “A survey of mobile malware in the wild,” in Proc. 1st ACMWorkshop SPSM, Chicago, IL, USA, 2011, pp. 3–14.

      [14] Y. Nadji, J. Giffin, and P. Trayno, “Automated remote repair for mobile malware,” in Proc. 27th ACSAC, 2011, pp. 413–422.https://doi.org/10.1145/2076732.2076791.

      [15] M. Landman, “Managing smart phone security risks,” in Proc. InfoSecCD, 2010, pp. 145–155.

      [16] G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, “Paranoid android: Versatile protection for smartphones,” in Proc. 26th ACSAC, 2015, pp. 347–356.

      [17] Triantaphyllou, E. and Mann, S.H., Using the Analytic Hierarchy Process for decision making in engineering applications: some challenges, International Journal of Industrial Engineering: Applications and Practice, 1995, 2(1), pp.35-44.

      [18] Saaty, T.L., Decision making with the analytic hierarchy process, International journal of services sciences, 2008, 1(1), pp.83-98.https://doi.org/10.1504/IJSSCI.2008.017590.


 

View

Download

Article ID: 9706
 
DOI: 10.14419/ijet.v7i1.1.9706




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.