Skip to main content
Springer Nature Link
Log in

A Multi-criteria-Based Evaluation of Android Applications

  • Conference paper
Trusted Systems (INTRUST 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7711))

Included in the following conference series:

Abstract

Android users can face the risk of downloading and installing bad applications on their devices. In fact, many applications may either hide malware, or their expected behavior do not fully follow the user’s expectation. This happens because, at install-time, even if the user is warned with the potential security threat of the application, she often skips this alert message. On Android this is due to the complexity of the permission system, which may be tricky to fully understand.

We propose a multi-criteria evaluation of Android applications, to help the user to easily understand the trustworthiness degree of an application, both from a security and a functional side. We validate our approach by testing it on more than 180 real applications found either on official and unofficial markets.

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 256980 (NESSoS) and under grant no 257930 (Aniketos).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and Lightweight Domain Isolation on Android. In: 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), pp. 51–61. ACM (2011)

    Google Scholar 

  2. Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming Information-Stealing Smartphone Applications (on Android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  3. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User attention, comprehension, and behavior. Technical report, Electrical Engineering and Computer SciencesUniversity of California at Berkeley (2012), http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-26.html

  4. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android Permissions Demystified. In: 8th ACM Conference on Computer and Communications Security (CCS 2011), pp. 627–638. ACM (2011)

    Google Scholar 

  5. Jiang, X.: Multiple Security Alerts: New Android Malware Found in Official and Alternative Android Markets (2011), http://www.csc.ncsu.edu/faculty/jiang/pubs/index.html

  6. Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D.: A Multi-Criteria-Based Evaluation of Android Applications. Technical report, Istituto di Informatica e Telematica, CNR, Pisa (2012), http://www.iit.cnr.it/node/17019

  7. Saaty, T.L.: Decision-making with the ahp: Why is the principal eigenvector necessary. European Journal of Operational Research 145(1), 85–91 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  8. Saaty, T.L.: Decision making with the analytic hierarchy process. International Journal of Services Sciences 1(1) (2008)

    Google Scholar 

  9. Saaty, T.L.: How to make a decision: The analytic hierarchy process. European Journal of Operational Research 48(1), 9–26 (1990)

    Article  MATH  Google Scholar 

  10. Saaty, T.L.: A scaling method for priorities in hierarchical structures. Journal of Mathematical Psychology 15(3), 234–281 (1977)

    Article  MathSciNet  MATH  Google Scholar 

  11. Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), pp. 3–14. ACM (2011)

    Google Scholar 

  12. Cannings, R.: An update on Android Market security (2011), http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html

  13. Enck, W., Ongtang, M., McDaniel, P.: On Lightweight Mobile Phone Application Certification. In: 16th ACM Conference on Computer and Communications Security (CCS 2009), pp. 235–254. ACM (2009)

    Google Scholar 

  14. Nauman, M., Khan, S., Zhang, X.: Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In: 5th ACM Symposium on Information Computer and Communication Security (ASIACCS 2010), ACM (2010)

    Google Scholar 

  15. Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android. In: 17th ACM Conference on Computer and Communications Security (CCS 2010). ACM (2010)

    Google Scholar 

  16. Saaty, T.L.: Decision making with the analytic hierarchy process. International Journal of Services Sciences 1, 83–98 (2008)

    Article  MathSciNet  Google Scholar 

  17. Costantino, G., Martinelli, F., Petrocchi, M.: Priorities-based review computation. In: AAAI Spring Symposium, 2012 1st Workshop on Intelligent Web Services Meet Social Computing, vol. SS-12-04 (2012)

    Google Scholar 

  18. Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: 2012 7th Intl. Workshop on Data Privacy Management, DPM (2012)

    Google Scholar 

  19. Colantonio, A.: Prioritizing role engineering objectives using the analytic hierarchy process. In: De Marco, M., Te’eni, D., Albano, V., Za, S. (eds.) Information Systems: Crossroads for Organization, Management, Accounting and Engineering, pp. 419–427. Physica-Verlag HD (2012)

    Google Scholar 

  20. Rajbhandari, L., Snekkenes, E.: An approach to measure effectiveness of control for risk analysis with game theory. In: 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp. 24–29 (2011)

    Google Scholar 

  21. Dini, G., Martinelli, F., Saracino, A., Sgandurra, D.: MADAM: A Multi-Level Anomaly Detector for Android Malware. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 240–253. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Ingegneria dell’ Informazione, Università di Pisa, Italy

    Gianluca Dini & Andrea Saracino

  2. Istituto di Informatica e Telematica, CNR, Pisa, Italy

    Fabio Martinelli, Ilaria Matteucci, Marinella Petrocchi, Andrea Saracino & Daniele Sgandurra

Authors
  1. Gianluca Dini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Martinelli
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ilaria Matteucci
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marinella Petrocchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Andrea Saracino
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Daniele Sgandurra
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Security Group, University of London, Royal Holloway, TW20 0EX, Egham, Surrey, UK

    Chris J. Mitchell  & Allan Tomlinson  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D. (2012). A Multi-criteria-Based Evaluation of Android Applications. In: Mitchell, C.J., Tomlinson, A. (eds) Trusted Systems. INTRUST 2012. Lecture Notes in Computer Science, vol 7711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35371-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35371-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35370-3

  • Online ISBN: 978-3-642-35371-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation