![Page 1: A multi- Criteria - based Evaluation of Android Application](https://reader035.vdocuments.us/reader035/viewer/2022062520/568165c1550346895dd8c983/html5/thumbnails/1.jpg)
A multi-Criteria-based Evaluation of Android Application
Andrea Saracino, G. Dini, F. Martinelli, I. Matteucci, M. Petrocchi, D. Sgandurra
InTrust 2012
Android
• Largest Market Share.
• Plethora of applications.
• Several marketplaces.
– Official.
– Unofficial.
[Chart: market share, 61%]
Can we trust them?
• Android is the platform with the largest increase in malware attacks.
• More than 37 malware families specific to Android.
• Malware found even in official markets.
Android Security
• Sandboxing
• Permissions
Native security mechanisms?
The Permission System
• Access Control mechanism.
• Declared by the app developer in the Manifest file.
The Permission System (1)
• Who makes the decision on application security?
• THE USER!
The Permission System (2)
• Many users do not understand, or do not care about, permissions.
• The user can only accept all the permissions or abort the installation.
• Too coarse-grained permissions.
• Permission overdeclaration.
What we propose
• A threat based classification of Android Permissions.
• A threat index to assess the hazardousness of an application.
• A multi-criteria decision system to help the user understand whether an application is secure or not.
Type of threats
• Each permission receives a threat score on three parameters.
• Example: ACCESS_COARSE_LOCATION
– Privacy: 0.6
– System: 0
– Money: 0
• These parameters describe which security aspect is threatened by the application's permissions.
Privacy Threat
• Permissions that allow an application to:
– Read contacts.
– Read text messages.
– Access the user's accounts and passwords.
– Read the IMEI and the location.
Money Threat
• Permissions that allow an application to:
– Perform phone calls.
– Send SMS messages.
– Use the Internet connection.
– Modify connection settings.
System Threat
• Permissions that allow an application to:
– Install/uninstall applications on the phone.
– Enable/disable connection interfaces (Wi-Fi, Bluetooth, …).
– Switch the smartphone screen on/off.
Threat Levels
No Threat
Low Threat
Low-to-Moderate Threat
Moderate Threat
Moderate-to-High Threat
High Threat
Threat Score
• Extraction of the permissions from the manifest of each application.
• Computation of a global threat score.
– Ranges from 1 (no permissions required) to 15 (all permissions required).
– An application with a score higher than 7 is considered very dangerous.
• Developers should declare only the permissions they actually need (to counter overdeclaration).
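Worked example of the two steps above, permission extraction from the manifest and computation of a global threat score (an added example, not the paper's tool). Only the ACCESS_COARSE_LOCATION triple (privacy 0.6, system 0, money 0) comes from the slides; every other row of THREAT_TABLE, the mapping from a parameter score to one of the six threat levels, and the aggregation rule (per-parameter maximum, mapped to a level 0..5 and summed, floored at 1) are assumptions chosen to reproduce the 1..15 range and the "above 7" threshold the slides state, not the paper's formula. The three manifests are constructed.

```python
"""Permission-based threat score for an Android app.

Added example, not the paper's tool. Parses <uses-permission> entries from an
AndroidManifest.xml and scores them on the three parameters of the slides
(privacy, system, money). Only the ACCESS_COARSE_LOCATION triple is from the
slides; the other table rows and the aggregation rule are assumptions.
"""
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PARAMS = ("privacy", "system", "money")
LEVELS = ("No Threat", "Low Threat", "Low-to-Moderate Threat", "Moderate Threat",
          "Moderate-to-High Threat", "High Threat")
VERY_DANGEROUS_ABOVE = 7  # slides: a global score above 7 is very dangerous

# (privacy, system, money), each in [0, 1]. ACCESS_COARSE_LOCATION is the value
# given on the slides; all other rows are illustrative assumptions.
THREAT_TABLE = {
    "android.permission.ACCESS_COARSE_LOCATION": (0.6, 0.0, 0.0),
    "android.permission.ACCESS_FINE_LOCATION": (0.8, 0.0, 0.0),
    "android.permission.READ_CONTACTS": (0.8, 0.0, 0.0),
    "android.permission.READ_SMS": (0.9, 0.0, 0.0),
    "android.permission.READ_PHONE_STATE": (0.6, 0.0, 0.0),   # IMEI
    "android.permission.INTERNET": (0.2, 0.0, 0.4),
    "android.permission.SEND_SMS": (0.2, 0.0, 0.9),
    "android.permission.CALL_PHONE": (0.2, 0.0, 0.8),
    "android.permission.CHANGE_NETWORK_STATE": (0.0, 0.5, 0.4),
    "android.permission.INSTALL_PACKAGES": (0.0, 1.0, 0.0),
    "android.permission.BLUETOOTH_ADMIN": (0.0, 0.5, 0.0),
    "android.permission.WAKE_LOCK": (0.0, 0.3, 0.0),
}


def extract_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            names.append(name)
    return names


def threat_level(score):
    """Map a [0, 1] parameter score to a threat level 0..5 (index into LEVELS).
    Assumption: 0 is No Threat, then five equal bands up to High Threat."""
    if score <= 0.0:
        return 0
    return min(5, math.ceil(round(score * 5, 9)))


def threat_score(manifest_xml):
    """Per-parameter maximum over the declared permissions, mapped to a level
    and summed: 1 (no permissions) .. 15 (High Threat on all three)."""
    perms = extract_permissions(manifest_xml)
    # Permissions missing from the table score 0 but are reported for review.
    unknown = sorted(p for p in perms if p not in THREAT_TABLE)
    scores = {}
    for idx, param in enumerate(PARAMS):
        scores[param] = max((THREAT_TABLE.get(p, (0.0, 0.0, 0.0))[idx] for p in perms),
                            default=0.0)
    levels = {param: threat_level(s) for param, s in scores.items()}
    total = max(1, sum(levels.values()))
    return {
        "permissions": perms,
        "unknown": unknown,
        "scores": scores,
        "levels": levels,
        "level_names": {param: LEVELS[lvl] for param, lvl in levels.items()},
        "global": total,
        "very_dangerous": total > VERY_DANGEROUS_ABOVE,
    }


# Constructed manifests (not real apps).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="com.example.CUSTOM"/>
  <application android:label="Game"/>
</manifest>"""
LOCATION_ONLY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""
NO_PERMISSIONS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc"><application android:label="Calc"/></manifest>"""

if __name__ == "__main__":
    for m in (SAMPLE_MANIFEST, LOCATION_ONLY_MANIFEST, NO_PERMISSIONS_MANIFEST):
        r = threat_score(m)
        print(r["global"], r["very_dangerous"], r["level_names"], r["unknown"])
```

On a real APK the manifest is binary-encoded inside the archive, so the permission list would come from `aapt dump permissions app.apk` rather than from a plain XML file; the scoring step is unchanged. The `unknown` list matters in practice: a custom or vendor permission that is absent from the table silently scores zero, which is exactly the kind of gap the next slide warns about.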
Assessment of App Security
• Permissions may not be sufficient to decide whether an application is secure or not:
– Applications that really need several permissions.
– Malware that does not require dangerous permissions.
• Add more criteria to assess app quality.
• Use a multi-criteria decision system.
Multi-Criteria Decision (1)
• Analytic Hierarchy Process (AHP)
– Gives an objective decision from subjective pairwise judgements.
– Highly flexible and customizable.
Analytic Hierarchy Process
Multi Criteria Decision (2)
• Criteria:
– Global threat score
– Developer reputation
– Marketplace
– Number of downloads
– User rating
Final Decision
• An application can be classified by AHP as:
– Trusted: secure and reliable.
– Deceptive: bogus or generally low-quality application.
– Untrusted: shows several security issues.
Comparison Matrices
• Tell how much a decision (alternative) is supported with respect to a criterion: entry (i, j) says how much more alternative i is supported than alternative j, and the entries below the diagonal are the reciprocals.
• Example: criterion "Top Developer"

|           | Trusted | Untrusted | Deceptive |
|-----------|---------|-----------|-----------|
| Trusted   | 1       | 4         | 7         |
| Untrusted | 1/4     | 1         | 4         |
| Deceptive | 1/7     | 1/4       | 1         |
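Worked example of how AHP turns the comparison matrices above into the Trusted / Untrusted / Deceptive decision of the previous slide (an added example, not the paper's code). The "Top Developer" matrix is the one on the slide; the criteria matrix (threat score judged three times as important as developer reputation) and the two threat-score matrices are constructed for illustration and are not the paper's values. Priorities are the principal eigenvector obtained by power iteration, and each matrix is checked for reciprocity and for Saaty's consistency ratio before use, which is the check a practitioner wants when the judgements are entered by hand.

```python
"""AHP synthesis for the Trusted / Untrusted / Deceptive decision.

Added example, not the paper's code. Only TOP_DEVELOPER comes from the slides;
CRITERIA, HIGH_THREAT and LOW_THREAT are constructed for illustration.
Pure Python, no numpy.
"""

ALTERNATIVES = ("Trusted", "Untrusted", "Deceptive")
# Saaty's random consistency index by matrix size, used to normalise CI.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# From the slide: support for each decision under the criterion "Top Developer".
TOP_DEVELOPER = [[1, 4, 7],
                 [1 / 4, 1, 4],
                 [1 / 7, 1 / 4, 1]]
# Constructed: a high global threat score favours "Untrusted".
HIGH_THREAT = [[1, 1 / 5, 1 / 2],
               [5, 1, 3],
               [2, 1 / 3, 1]]
# Constructed: a low global threat score favours "Trusted".
LOW_THREAT = [[1, 5, 3],
              [1 / 5, 1, 1 / 2],
              [1 / 3, 2, 1]]
# Constructed: criteria order is (threat score, developer reputation).
CRITERIA = [[1, 3],
            [1 / 3, 1]]


def check_reciprocal(m, tol=1e-9):
    """A pairwise-comparison matrix must be square, positive, have 1 on the
    diagonal and satisfy a[j][i] == 1 / a[i][j]; reject anything else."""
    n = len(m)
    for i in range(n):
        if len(m[i]) != n or abs(m[i][i] - 1) > tol:
            raise ValueError("matrix is not square with a unit diagonal")
        for j in range(n):
            if m[i][j] <= 0 or abs(m[i][j] * m[j][i] - 1) > tol:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")


def priority_vector(m, iterations=200):
    """Principal right eigenvector by power iteration, normalised to sum 1."""
    check_reciprocal(m)
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    return w


def consistency_ratio(m):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1). CR > 0.1 means the
    judgements contradict each other too much to be used."""
    n = len(m)
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    w = priority_vector(m)
    aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def ahp_decide(criteria_matrix, alternative_matrices, max_cr=0.1):
    """Weight the criteria, score the alternatives under each criterion and
    synthesise. alternative_matrices[k] compares the alternatives with respect
    to criterion k, in the same order as the rows of criteria_matrix."""
    if len(alternative_matrices) != len(criteria_matrix):
        raise ValueError("one alternative matrix per criterion is required")
    for m in [criteria_matrix, *alternative_matrices]:
        cr = consistency_ratio(m)
        if cr > max_cr:
            raise ValueError(f"inconsistent judgements (CR={cr:.3f})")
    weights = priority_vector(criteria_matrix)
    scores = [0.0] * len(ALTERNATIVES)
    for weight, m in zip(weights, alternative_matrices):
        for k, p in enumerate(priority_vector(m)):
            scores[k] += weight * p
    best = max(range(len(ALTERNATIVES)), key=lambda k: scores[k])
    return ALTERNATIVES[best], dict(zip(ALTERNATIVES, scores))


if __name__ == "__main__":
    print("Top Developer priorities:", priority_vector(TOP_DEVELOPER))
    print("Top Developer CR:", round(consistency_ratio(TOP_DEVELOPER), 3))
    # Same top developer, two builds: a low and a high global threat score.
    print(ahp_decide(CRITERIA, [LOW_THREAT, TOP_DEVELOPER]))
    print(ahp_decide(CRITERIA, [HIGH_THREAT, TOP_DEVELOPER]))
```

For the slide's matrix the priorities come out at roughly 0.70 / 0.23 / 0.08 with a consistency ratio near 0.07, so the judgements pass the usual 0.1 bound. With the constructed criteria weights the low-threat build is classified Trusted and the high-threat build Untrusted, which is the shape of the Baseball Superstar example on the next slide; the actual decision in the paper depends on its own matrices for all five criteria.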
Example: Baseball Superstar
• Two versions of the same game, Version A and Version B.
• Threat score:
– Version A: 1
– Version B: 7.3
• AHP decides that Version A is trusted and Version B is untrusted.
• Version B is trojanized by the Geinimi malware.
Example: Skype
• Skype requires several permissions to work properly (threat score: 6.8).
• Market: official.
• Downloads: more than 10 million.
• Rating: 4 / 5.
• AHP decision: Trusted!
Results
• 180 Android applications from different marketplaces.
Conclusions
• We have defined a simple but effective permission classification system.
• We provide the user with an app analysis tool:
– Static (the computation can be performed offline).
– Easily understandable.
– Forces developers to carefully choose the required permissions.
Future Work
• Inclusion of a reputation parameter based on user feedback.
• Test the system on a larger application set, with different settings for AHP.
• Inclusion of sub-criteria in the AHP decision system.