A Multi-criteria-Based Evaluation of Android Applications

Future Generation Computer Systems

Matteucci

et al. 2018

Self Cite

Android applications (apps) pose many risks to their users, e.g., by including code that may threaten user privacy or system integrity. Most of the current security countermeasures for detecting dangerous apps show some weaknesses, mainly related to users' understanding and acceptance. Hence, users would benefit from an effective but simple technique that indicates whether an app is safe or risky to be installed. In this paper, we present MAETROID (Multi-criteria App Evaluator of TRust for AndrOID), a framework to evaluate the trustworthiness of Android apps, i.e., the amount of risk they pose to users, e.g., in terms of confidentiality and integrity. MAETROID performs a multi-criteria analysis of an app at deploy-time and returns a single easyto-understand evaluation of the app's risk level (i.e., Trusted, Medium Risk, and High Risk), aimed at driving the user decision on whether or not installing a new app. The criteria include the set of requested permissions and a set of metadata retrieved from the marketplace, denoting the app quality and popularity. We have tested MAETROID on a set of 11,000 apps both coming from Google Play and from a database of known malicious apps. The results show a good accuracy in both identifying the malicious apps and in terms of false positive rate.

Section: Maetroid Implementation and Resultsmentioning

confidence: 99%

Section: Threat Scorementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Risk analysis of Android applications: A user-centric solution

Dini

Future Generation Computer Systems

Matteucci

et al. 2018

Self Cite

“…Among the protection mechanisms, as we did for mobile applications [6], we plan to develop ratings for Facebook applications based on the privileges those asks (see also [7]) hence helping users to make informed decisions. Eventually, our goal is to enhance Phook with data control mechanisms and policies that can empower the user with a complete, understandable and predictable control of their data.…”

Section: Discussionmentioning

confidence: 99%

Are photos on Social Networks really private?

Costantino

2013 International Conference on Collaboration Technologies and Systems (CTS)

Sgandurra

2013

Self Cite

Everyday, people upload thousand of private photos on Social Networks. Usually, these photos are available only to their social friends but, in some cases, users inadvertently allow third-party applications to access their data or, analogously, friends allow applications to access their friends' data. Hence, uploaded private pictures may also be accessed by third parties.In this paper, we introduce Phook (Photo-Book), which is a Web application available at www.myphook.com, aimed at searching among users' photos of online Social Network. After two months of activity, Phook was capable of collecting more than 70 Millions private pictures of Facebook users.

“…In this paper, we propose MAETROID (Mobile Application Evaluator of TRust for andrOID), a framework for evaluating the level of trust of Android applications, which extends the framework proposed in [3]. This previous framework estimates the level of trust for an application using static analysis only.…”

Section: Introductionmentioning

confidence: 97%

Evaluating the Trust of Android Applications through an Adaptive and Distributed Multi-criteria Approach

Dini

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Matteucci

et al. 2013

Self Cite

New generation mobile devices, and their app stores, lack of a methodology to associate a level of trust to applications to faithfully represent their potential security risks. This problem is even more critical with newly published applications, for which either user reviews are missing or the number of downloads is still low. In this scenario, users may not fully estimate the risk associated with downloading apps found on online stores. Hence, here we propose a methodology for evaluating the trust level of an application through an adaptive, flexible, and dynamic framework. The evaluation of an application trust is performed using both static and dynamic parameters, which consider the application meta-data, its run-time behavior and the reports of users with respect to the software critical operations. We have validated the proposed approach by testing it on more than 180 real applications found both on official and unofficial markets by showing that it correctly categorizes applications as trusted or untrusted in 94% of the cases and it is resilient to poisoning attacks.