The install time permission system of android is designed to get users informed of the domain of access for a specific application and perhaps the risks associated with it. However this comes with some drawbacks as far as ordinary users are concerned. It is an “all or nothing” system in which users are left with no choice but to discard applications once they are not satisfied with even a single permission among the list. Furthermore, users may also lack the ability to understand each of those permissions listed making it hard to distinguish malwares and clean applications. In this work I have carried out a comprehensive risk assessment for android permissions and applications by using statistical approaches on the patterns of permission requests from both clean and malware android applications. The result proved efficient for ranking risk levels of user applications. From a data set of 10256 applications of which 5100 were malware samples, I carried out an intuitive statistical analysis coupled with a classification technique in order to generate risk scores for android applications based on permission request patterns and market characteristics. The resulting system was able to accurately classify 66.6 percent of randomly selected samples from the data set. As a prove of concept, I developed a basic android application that can be able to show the risk ranking of user applications based on my approach. The results prove to be useful as a first hand determination of trust of applications in environments such as third party android markets. It can also be used for fishing out over privileged user applications.
為了持續優化網站功能與使用者體驗,本網站將Cookies分析技術用於網站營運、分析和個人化服務之目的。
若您繼續瀏覽本網站,即表示您同意本網站使用Cookies。