{"title":"Classification and security assessment of android apps","authors":"Eralda Caushaj, Vijayan Sugumaran","doi":"10.1007/s43926-023-00047-0","DOIUrl":null,"url":null,"abstract":"Abstract Current mobile platforms pose many privacy risks for the users. Android applications (apps) request access to device resources and data, such as storage, GPS location, camera, microphone, SMS, phone identity, and network information. Legitimate mobile apps, advertisements (ads), and malware all require access to mobile resources and data to function properly. Therefore, it is difficult for the user to make informed decisions that effectively balance their privacy and app functionality. This study analyzes the Android application permissions, ad networks and the impact on end-user’s privacy. Dangerous combinations of app permissions, and ad networks are used as features in our prediction models to understand the behavior of apps. Our models have a high classification accuracy of 95.9% considering the imbalance in real life between benign and malicious apps. Our assumption that certain app permissions can be a potential threat to the privacy of end users is confirmed to be one of the most impactful features of our prediction models. Since our study considers the impact of ad networks and malware permissions, it will help end-users make more informed decision about the app permissions they grant and understand that the app permissions open doors to more vulnerabilities, and at some point, benign apps can behave maliciously.","PeriodicalId":34751,"journal":{"name":"Discover Internet of Things","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Discover Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s43926-023-00047-0","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Abstract Current mobile platforms pose many privacy risks for the users. Android applications (apps) request access to device resources and data, such as storage, GPS location, camera, microphone, SMS, phone identity, and network information. Legitimate mobile apps, advertisements (ads), and malware all require access to mobile resources and data to function properly. Therefore, it is difficult for the user to make informed decisions that effectively balance their privacy and app functionality. This study analyzes the Android application permissions, ad networks and the impact on end-user’s privacy. Dangerous combinations of app permissions, and ad networks are used as features in our prediction models to understand the behavior of apps. Our models have a high classification accuracy of 95.9% considering the imbalance in real life between benign and malicious apps. Our assumption that certain app permissions can be a potential threat to the privacy of end users is confirmed to be one of the most impactful features of our prediction models. Since our study considers the impact of ad networks and malware permissions, it will help end-users make more informed decision about the app permissions they grant and understand that the app permissions open doors to more vulnerabilities, and at some point, benign apps can behave maliciously.
期刊介绍:
Discover Internet of Things is part of the Discover journal series committed to providing a streamlined submission process, rapid review and publication, and a high level of author service at every stage. It is an open access, community-focussed journal publishing research from across all fields relevant to the Internet of Things (IoT), providing cutting-edge and state-of-art research findings to researchers, academicians, students, and engineers.
Discover Internet of Things is a broad, open access journal publishing research from across all fields relevant to IoT. Discover Internet of Things covers concepts at the component, hardware, and system level as well as programming, operating systems, software, applications and other technology-oriented research topics. The journal is uniquely interdisciplinary because its scope spans several research communities, ranging from computer systems to communication, optimisation, big data analytics, and application. It is also intended that articles published in Discover Internet of Things may help to support and accelerate Sustainable Development Goal 9: ‘Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation’.
Discover Internet of Things welcomes all observational, experimental, theoretical, analytical, mathematical modelling, data-driven, and applied approaches that advance the study of all aspects of IoT research.