A detailed study on risk assessment of mobile app permissions
Keywords: Risk Assessment, Android, Applications, Privacy Leakage, App Permissions.
Mobile phones hold users' personal and private information. When mobile applications have permission to access this information, they may leak it to third parties without the user's consent for their own benefit. Because users are not aware of how their personal information will be used once applications are installed and permissions are granted, this raises a potential privacy concern. Therefore, there is a need for a risk assessment model that can inform users about the threats a mobile application poses to their private information. We propose an approach that helps increase users' awareness of the privacy risk involved in granting permissions to Android applications. The proposed model focuses on the permissions an application requests, determines the risk based on the requested permission set, and gives a risk score.