Towards Privacy Risk Analysis in Android Applications Using Machine Learning Approaches

Sharma, Kavita; Gupta, Brij B.

doi:10.4018/ijesma.2019040101

Cited by 31 publications

(7 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As the main goal of the risk model is to consider the permission aggregation caused privacy risk to identical owners, the study might have limited accuracy. The accuracy of our proposed classification showed a lower score in comparison to other Android application based PII classification approaches [68,97]. The size of the dataset was one of the major limitations of this study.…”

Section: Limitationsmentioning

confidence: 74%

See 1 more Smart Citation

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.

show abstract

Section: Limitationsmentioning

confidence: 74%

“…As classification helps to differentiate attack surfaces and prepare accordingly [64], studies [7,9,10,17,65] have already analyzed app permissions for privacy threat modeling [66][67][68]. A study [69] states five ways of privacy breaching through the app permission system.…”

Section: Android Application Permission Associated Privacy Riskmentioning

confidence: 99%

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

show abstract

“…AndroidManifest.XML file is present in the root directory, which stores essential information related to application on the Android system. 36,37 The permission mechanism should be working effectively before allowing the application to get the required asset. In any case, consents for every single proclaimed permission is not required for the particular application.…”

Section: • Signature-based Approachmentioning

confidence: 99%

“…The data stored in the device cannot be accessed without the required permissions. AndroidManifest.XML file is present in the root directory, which stores essential information related to application on the Android system 36,37 . The permission mechanism should be working effectively before allowing the application to get the required asset.…”

Section: Background Information On Permission Analysismentioning

confidence: 99%

Privacy issues of android application permissions: A literature review

Shrivastava

Kumar

Gupta

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Android is an application platform for mobile devices. It comprises of the operating system, software framework, and core programs. This platform uses permissions to hide precious information about the user from untrusted apps. However, to install an application, device feature uses permissions that are granted by the user. User has the ability to analyze permissions and abort the setup if the permissions are unfriendly or unrestrained. Android permission analysis schemes show a significant role to fight against these undesirable behaviors of untrusted android apps in the aspect of security and privacy. This survey attempts to deal with the android application permissions that are related security and privacy challenges. It includes various research articles published in computers and security, digital investigation, decision support systems, systems and software security, and information forensics journals in the last 10 years. The survey is based on the following considerations: research issues motivated by the scheme, the methodology used, ability of result analysis conducted, and android features considered for performance evaluation.

show abstract

“…It can also distinguish high‐level malware and identify high‐risk malware. In contrast, regarding dynamic investigations, fundamental discovery and analysis are performed at runtime (Li et al, 2018; Navarro, Navarro, Grégio, Rocha, & Dahab, 2018; Nirumand, Zamani, & Tork Ladani, 2019; Sharma & Gupta, 2019; Tam, Feizollah, Anuar, Salleh, & Cavallaro, 2017).…”

Section: Introductionmentioning

confidence: 99%

Android application behavioural analysis for data leakage

Shrivastava

Kumar

2019

Expert Systems

View full text Add to dashboard Cite

An android application requires specific permissions from the user to access the system resources and perform required functionalities. Recently, the android market has experienced exponential growth, which leads to malware applications. These applications are purposefully developed by hackers to access private data of the users and adversely affect the application usability. A suitable tool to detect malware is urgently needed, as malware may harm the user. As both malware and clean applications require similar types of permissions, so it becomes a very challenging task to differentiate between them. A novel algorithm is proposed to identify the malware-based applications by probing the permission patterns. The proposed method uses the k-means algorithm to quarantine the malware application by obtaining permission clusters. An efficiency of 90% (approx.) is attained for malicious behaviour, which validates this work. This work substantiates the use of application permissions for potential applications in android malware detection.

show abstract

Towards Privacy Risk Analysis in Android Applications Using Machine Learning Approaches

Cited by 31 publications

References 41 publications

Personal Information Classification on Aggregated Android Application’s Permissions

Personal Information Classification on Aggregated Android Application’s Permissions

Privacy issues of android application permissions: A literature review

Android application behavioural analysis for data leakage

Contact Info

Product

Resources

About