Skip to main content
SpringerLink
Log in

Risky model of mobile application presentation

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

The development of the information space has led to a situation where a digital portrait of a user becomes one of the most popular products. The ability to create a high-quality user profile is provided by the modern capabilities of computing systems in combination with methods of intellectual analysis and the availability of large data sets. Mass profiling by various services simultaneously solves the opposite problem—user identification based on traffic analysis and device telemetry, which leads to an increase in the quality of the user profile. In the conditions of large volumes of transmitted data and the progressive number of services providing digital services, the issues of ensuring the safety of user information are becoming the most critical for mobile platforms. Modern requirements for data security mechanisms are formed based on the analysis of system states and are aimed at neutralization of possible malicious effects, without taking into account the possibility of compromising the person by legitimate services or a set of services. In this article, a risky model of application presentation is proposed, aimed at obtaining knowledge about possible channels for compromising personal data by mobile applications for Android 11 OS, however, the developed model can be mostly applied to both other versions of Android and iOS. The presentation model contains 17 features that are used to form a digital portrait of the application. The scientific novelty of the presented model consists in taking into account the methods of software implementation of access to personal data and interaction with the remote infrastructure of the service in order to counteract the compromise of personal data by mobile applications. The set of data studied amounted to more than 150,000 executable files. The results presented in the article are intended for further intellectual analysis, which makes it possible to analyze the degree of compliance of the studied sample with general models of various categories.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

Notes

  1. Federal'nyj zakon ot 27.07.2006 N 152-FZ (red. ot 30.12.2020) «O personal'nyh dannyh» (s izm. i dop., vstup. v silu s 01.03.2021) (In Russian).

  2. McCallister, E., Grance T., Scarfone K.: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). NIST Special Publication 800-122 (2010).

  3. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Eur-lex.europa.eu. Retrieved 20 August (2013).

  4. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2018).

  5. Enable multidex for apps with over 64 K methods. https://developer.android.com/studio/build/multidex. Accessed: 13.02.2021.

  6. Documentation. Manifest.Permission: https://developer.android.com/reference/android/Manifest.permission. Accessed: 29.12.2021.

References

  1. Izergin, D., Eremeev, M., Magomedov, S.G., Smirnov, S.: Information security evaluation for Android mobile operating system. Russ. Technol. J. 7(6), 44–55 (2019). (In Russian)

    Article  Google Scholar 

  2. Sihag, V., Vardhan, M., Singh, P.: A survey of android application and malware hardening. Comput. Sci. Rev. 39, 100365 (2021)

    Article  Google Scholar 

  3. Luo, L., Bodden, E., Späth, J.: A qualitative analysis of android taint-analysis results. In: 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). pp. 102–114 (2019)

  4. Official site of Android Developers. https://developer.android.com/reference/java/lang/reflect/package-summary. Accessed 25 Feb 2021

  5. Ma, Z., Ge, H., Liu, Y.: A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 99, 425–430 (2019)

    Google Scholar 

  6. Wongwiwatchai, N., Pongkham, P., Sripanidkulchai, K.: Detecting personally identifiable information transmission in android applications using light-weight static analysis. Comput. Secur. 99, 102011 (2020)

    Article  Google Scholar 

  7. Jinhong, Y., Chul-Soo, K.I.M., Onik, M.M.H: Aggregated risk modelling of personal data privacy in internet of things. In: 21st international conference on advanced communication technology (ICACT) (2019)

  8. Onik, M.M.H., Kim, C.S., Lee, N.Y., Yang, J.: Personal Information classification on aggregated android application’s permissions. Appl. Sci. 9, 3997 (2019)

    Article  Google Scholar 

  9. Sokolova, K., Perez, C., Lemercier, M.: Android application classification and anomaly detection with graph-based permission patterns. Comput. Sci. (2017). https://doi.org/10.1016/j.dss.2016.09.006

    Article  Google Scholar 

  10. Jha, A.K., Lee, W.J.: An empirical study of collaborative model and its security risk in android. J. Syst. Softw. 137, 550–562 (2018)

    Article  Google Scholar 

  11. Li, C., Mills, K., Niu, D., Zhu, R., Zhang, H., Kinawi, H.: Android malware detection based on factorization machine. IEEE Access 7, 184008–184019 (2019)

    Article  Google Scholar 

  12. Allix, K., Bissyandé, T., Klein J., Le Traon Y.: AndroZoo: Collecting millions of android apps for the research community. In: MSR '16: Proceedings of the 13th International Conference on Mining Software Repositories. 5, 468–471 (2016)

  13. Tipy vredonosnogo PO. https://www.kaspersky.ru/resource-center/threats/malware-classifications. Accessed: 01 Mar 2021 (In Russian)

  14. Chebyshev, V.: The development of information threats in the first quarter of 2022. Mobile statistics. https://securelist.ru/it-threat-evolution-in-q1-2022-mobile-statistics/105235/. Accessed: 07 June 2022 (In Russian)

  15. Platonova, N.: Sovremennyj podhod k ponimaniju personal’nyh dannyh. Pravo i sovremennye gosudarstva 5, 9–16 (2017). (In Russian)

    Google Scholar 

  16. Permissions overview. URL: https://developer.android.com/guide/topics/permissions/overview. Accessed 04 Feb 2021

  17. Requesting Permission. https://developer.apple.com/design/human-interface-guidelines/ios/app-architecture/requesting-permission/. Accessed 04 Feb 2021

  18. Operating System Market Share Worldwide. URL: http://gs.statcounter.com/os-market-share. Accessed 12 May 2022

  19. Mobile Operating System Market Share Worldwide. URL: http://gs.statcounter.com/os-market-share/mobile/wordwide. Accessed 12 May 2022

  20. Skovoroda, A.A., Gamajunov, D.J.: Analiz mobil’nyh prilozhenij s ispol’zova-niem modelej privilegij i API-vyzovov vredonosnyh prilozhenij. PDM 36, 84–105 (2017). (In Russia)

    Google Scholar 

  21. Lepskiy, A., Bronevich, A.: Matematicheskiye metody raspoznavaniya obrazov: Kurs lektsiy. TTI YuFU (2009) (In Russian)

  22. Rachkovskij, D.: Binarnye vektory dlja bystroj ocenki rasstojanij i shodstv. Kibernetika i sistemnyj analiz, 53(1), 160–183 (2017) (In Russian)

  23. Zheng, X., Cai, Z., Li, Y.: Data linkage in smart internet of things systems: A consideration from a privacy perspective. IEEE Commun. Mag. 56(9), 55–61 (2018)

    Article  Google Scholar 

  24. Fritsch, L., Momen, N.: Derived partial identities generated from app permissions. In open identity summit (OID), Lecture Notes in Informatics (2017)

  25. Lopez, J., Rios, R., Bao, F., Wang, G.: Evolving privacy: From sensors to the internet of things. Futur. Gener. Comput. Syst. 75, 46–57 (2017)

    Article  Google Scholar 

  26. Chong, I., Ge, H., Li, N., Proctor, R.W.: Influence of privacy priming and security framing on mobile app selection. Comput. Secur. 78, 143–154 (2018)

    Article  Google Scholar 

  27. Ahmed, E., Yaqoob, I., Hashem, I.A.T., Shuja, J., Imran, M., Guizani, N., Bakhsh, S.T.: Recent advances and challenges in mobile big data. IEEE Commun. Mag. 56, 102–108 (2018)

    Article  Google Scholar 

  28. Salaxutdinova, K.I.: The method of identifying executable files based on static analysis of the characteristics of disassembled program code, Federal State Budgetary Institution of Science St. Petersburg institute of informatics and automation of the Russian academy of sciences (2019) (In Russian)

  29. Smirnov, S., Eremeev, M., Gorbachev, I., Nefedov, V., Izergin, D.: Analiz tehnik i instrumentov, ispol'zuemyh zloumyshlennikom pri gorizontal'nom peremeshhenii v korporativnoj seti. Zashhita informacii. Insajd, 1(97), 58–61 (2021)

Download references

Acknowledgements

The research was supported by the grants the Ministry of Digital Development, Communications and Mass Media of the Russian Federation (project №. 40469-18/2021-К).

Author information

Authors and Affiliations

  1. MIREA – Russian Technological University, Moscow, Russia, 119454

    Dmitriy Izergin, Mikhail Eremeev & Shamil Magomedov

Authors
  1. Dmitriy Izergin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mikhail Eremeev
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shamil Magomedov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dmitriy Izergin.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Izergin, D., Eremeev, M. & Magomedov, S. Risky model of mobile application presentation. J Comput Virol Hack Tech 19, 419–441 (2023). https://doi.org/10.1007/s11416-023-00461-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-023-00461-6

Keywords

Search

Navigation