Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps

Most of the existing mobile application (app) vetting mechanisms only estimate risks at a coarse-grained level by analyzing app syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.

• Publication year

  2018

• Venue

  IEEE Transactions on Dependable and Secure Computing

• Publication date

  2018-09-24

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TDSC.2018.2871682
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection

  2018cited by this paper
• Free for All! Assessing User Data Exposure to Advertising Libraries on Android

  2016cited by this paper
• Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy

  2016cited by this paper
• TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime

  2016cited by this paper
• Reliable Third-Party Library Detection in Android and its Security Applications

  2016influential reference
• The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads

  2016cited by this paper
• UNVEIL: A large-scale, automated approach to detecting ransomware (keynote)

  2016cited by this paper
• What Mobile Ads Know About Mobile Users

  2016cited by this paper
• Effective Real-Time Android Application Auditing

  2015cited by this paper
• Towards Automated Risk Assessment and Mitigation of Mobile Applications

  2015influential reference
• Android Permissions Remystified: A Field Study on Contextual Integrity

  2015cited by this paper
• UIPicker: User-Input Privacy Identification in Mobile Applications

  2015cited by this paper
• Information Flow Analysis of Android Applications in DroidSafe

  2015cited by this paper
• AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications

  2015cited by this paper
• SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps

  2015cited by this paper
• MAdScope: Characterizing Mobile In-App Targeted Ads

  2015cited by this paper
• Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs

  2014cited by this paper
• A measurement study of google play

  2014cited by this paper
• Drebin : � Efficient and Explainable Detection of Android Malware in Your Pocket

  2014influential reference
• AutoCog: Measuring the Description-to-permission Fidelity in Android Applications

  2014cited by this paper
• FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps

  2014influential reference
• A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

  2014influential reference
• I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis

  2014cited by this paper
• Brahmastra: Driving Apps to Test the Security of Third-Party Components

  2014cited by this paper
• WHYPER: Towards Automating Risk Assessment of Mobile Applications

  2013cited by this paper
• Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware

  2013cited by this paper
• DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android

  2013cited by this paper
• AppIntent: analyzing sensitive data transmission in android for privacy leakage detection

  2013cited by this paper
• Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets

  2012cited by this paper
• Dissecting Android Malware: Characterization and Evolution

  2012influential reference
• Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

  2012cited by this paper
• CHEX: statically vetting Android apps for component hijacking vulnerabilities

  2012cited by this paper
• Using probabilistic generative models for ranking risks of Android apps

  2012cited by this paper
• Rough Sets

  2009cited by this paper

• PrivESD: A Privacy-Preserving Cloud-Edge Collaborative Logistic Regression Model Over Encrypted Streaming Data

  2026cites this paper
• AEDroid: Adaptive Enhanced Android Malware Detection‐Based on Interpretability of Deep Learning

  2025cites this paper
• MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps

  2024cites this paper
• RoD2M: Robust Deep Multi-modal Multi-label Model for Mobile App Security Rating

  2024cites this paper
• Social Privacy-Preserving Modeling Based on Graphical Evolutionary Game and Infectious Disease Dissemination Dynamics

  2024cites this paper
• A Decision Probability Transformation Method Based on the Neural Network

  2022cites this paper
• An investigation study for risk calculation of security vulnerabilities on android applications

  2022cites this paper
• The Development of Privacy Protection Standards for Smart Home

  2022cites this paper
• HashDroid:Extraction of malicious features of Android applications based on function call graph pruning

  2022cites this paper
• Delphi study of risk to individuals who disclose personal information online

  2021cites this paper
• Risk Management Governance in Applications

  2020cites this paper
• PowerPrint: Identifying Smartphones through Power Consumption of the Battery

  2020cites this paper
• CaIAuth: Context-Aware Implicit Authentication When the Screen Is Awake

  2020cites this paper
• A Global Optimal Model for Protecting Privacy

  2020cites this paper
• A Gender and Age Prediction Algorithm Using Big Data Analytic Based on Mobile APPs Information

  2018cites this paper