Abstract
Android users face the risk of downloading and installing bad applications on their devices. In fact, many applications either hide malware, or their actual behavior does not fully match the user's expectation. This happens because, at install time, even if the user is warned of the potential security threat posed by the application, she often skips this alert message. On Android this is due to the complexity of the permission system, which can be hard to fully understand.
We propose a multi-criteria evaluation of Android applications that helps the user easily understand the trustworthiness degree of an application, from both a security and a functional side. We validate our approach by testing it on more than 180 real applications found on both official and unofficial markets.
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 256980 (NESSoS) and under grant no 257930 (Aniketos).
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D. (2012). A Multi-criteria-Based Evaluation of Android Applications. In: Mitchell, C.J., Tomlinson, A. (eds) Trusted Systems. INTRUST 2012. Lecture Notes in Computer Science, vol 7711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35371-0_7
DOI: https://doi.org/10.1007/978-3-642-35371-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35370-3
Online ISBN: 978-3-642-35371-0