|3/2022 - 9|
An Entropy-based Method for Social Apps Privacy Assessment Using the Android Permissions ArchitectureSANDOR, A. , SIMION, E.
|View the paper record and citations in|
|Click to see author's profile in SCOPUS, IEEE Xplore, Web of Science|
|Download PDF (1,107 KB) | Citation | Downloads: 116 | Views: 98|
data privacy, information entropy, information security, permission, mobile applications
android(24), privacy(19), security(15), mobile(13), access(11), applications(10), analysis(8), malware(6), apps(6), software(5)
Blue keywords are present in both the references section and the paper title.
About this article
Date of Publication: 2022-08-31
Volume 22, Issue 3, Year 2022, On page(s): 79 - 86
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2022.03009
SCOPUS ID: 85137687061
Android social applications tend to be more and more popular as smartphones became very important devices for most people. Social applications increase smartphones functionalities, enabling them with most of the features available on computers. However, the use of smartphone social applications introduces users a series of vulnerabilities and risks on privacy and data protection. We aim to increase awareness on this field and propose a method to make privacy assessments and offering insights on the security and privacy level of an app before installing it. This article has the purpose to offer a solution for this type of assessment, using information entropy. The concept, widely operated in information science, will be used in this paper to evaluate social applications from the perspective of the Android operating system permission-based architecture. Using calculations of the entropy, social applications can be evaluated as safe or dangerous from a privacy and data protection point of view.
|References|||||Cited By «-- Click to see who has cited this paper|
| S. Ribeiro-Navarrete, J. R. Saura, D. Palacios-Marques, "Towards a new era of mass data collection: Assessing pandemic surveillance technologies to preserve user privacy," Technological Forecasting and Social Change, vol. 167, 2021. |
[CrossRef] [Web of Science Times Cited 36] [SCOPUS Times Cited 53]
 European Union Agency for Network and Information Security (ENISA), "Privacy and data protection in mobile applications. A study on the app development ecosystem and the technical implementation of GDPR,", November 2017
 M. Marsch, J. Grossklags, S. Patil, "Won't you think of others? Inderdependent privacy in smartphone app permissions," Proceedings of the ACM on Human-Computer Interaction, vol. 5, pp. 1-35, 2021.
[CrossRef] [SCOPUS Times Cited 2]
 M. Hatamian, "Engineering privacy in smartphone apps: a technical guideline catalog for app developers," IEEE Access, vol. 8, pp. 35429-35445, 2020.
[CrossRef] [Web of Science Times Cited 10] [SCOPUS Times Cited 16]
 L. Verderame, D. Caputo, A. Romdhana, A. Merlo, "On the (un)reliability of privacy policies in Android apps," in Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, UK, pp. 1-9, 2020.
[CrossRef] [SCOPUS Times Cited 10]
 K. Oztoprak, "Mobile subscription profiling and personal service generation using location awareness," Advances in Electrical and Computer Engineering, vol. 18, no. 3, pp. 105-112, 2018.
[CrossRef] [Full Text] [Web of Science Record] [SCOPUS Times Cited 1]
 A. M. Farkade, S. R. Kaware, "The Android â a widely growing mobile operating system with its mobile based application," International Journal of Computer Science and Mobile Applications, vol. 3, no. 1, pp. 39-45, 2015
 I. M. Almomani, A. Al Khayer, "A comprehensive analysis of the Android permissions system," IEEE Access, vol. 8, pp. 216671-216688, 2020.
[CrossRef] [Web of Science Times Cited 11] [SCOPUS Times Cited 19]
 A. Sadeghi, R. Jabbarvand, N. Ghorbani, H. Bagheri, S. Malek, "A temporal permission analysis and enforcement framework for Android," in Proceedings of the 40th International Conference on Software Engineering, Gothenburg, Sweden, pp. 846-857, 2018.
[CrossRef] [Web of Science Times Cited 15] [SCOPUS Times Cited 23]
 Z. R. Alkindi, M. Sarrab, N. Alzidi, "Android application permission model. Issues and privacy violation," in Proceedings of the 4th Free and Open-Source Software Conference, Muscat, Oman, pp. 47-50, 2019
 Y. Feng, L. Chen, A. Zheng, C. Gao, Z. Zheng, "AC-Net: assessing the consistency of description and permission in Android apps," IEEE Access, vol. 7, pp. 57829-57842, 2019.
[CrossRef] [Web of Science Times Cited 10] [SCOPUS Times Cited 13]
 B. Liu, M. S. Andersen, F. Shaub, H. Almuhimedi, S. Zhang, N. Sadeh, A. Acquisti, Y. Agarwal, "Follow my recommendations: a personalized privacy assistant for mobile app permissions," in Proceedings of the 12th Symposium on Usable Privacy and Security, Denver, Colorado, USA, pp. 27-41, 2016
 H. Q. de la Vallee, P. Selby, S. Krishnamurthi, "On a (per)mission: building privacy into the app marketplace," in Proceedings 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, Vienna, Austria, pp. 63-72, 2016.
[CrossRef] [Web of Science Times Cited 5] [SCOPUS Times Cited 10]
 F. Ebrahimi, M. Tushev, A. Mahmoud, "Mobile app privacy in software engineering research: a systematic mapping study," IEEE Transactions on Software Engineering, vol. 14, no. 8, 2019.
 G. Shrivastava, P. Kumar, "Privacy analysis of Android applications: state-of-art and literary assessment," Scalable Computing: Practice and Experience, vol. 18, no. 3, pp. 243-252, 2017.
[CrossRef] [Web of Science Times Cited 8] [SCOPUS Times Cited 17]
 T. Bruggemann, T. Dehling, A. Sunyaev, "No more risk, more fun! Automating breach of confidentiality risk assessment for Android mobile health applications," in Proceedings of the 52nd Hawaii International Conference on System Sciences, Grand Wailea, Hawaii, USA, pp. 4266-4275, 2019
 Q. Qian, J. Cai, M. Xie, R. Zhang, "Malicious behavior analysis for Android applications," International Journal of Network Security, vol. 18, no. 1, pp. 182-192, 2016.
 K. Alkhattabi, A. Alshehri, C. Yue, "Security and privacy analysis of Android family locator apps," in Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, Barcelona, Spain, pp. 47-58, 2020.
[CrossRef] [Web of Science Record] [SCOPUS Times Cited 1]
 A. I. Ali-Gombe, B. Saltaformaggio, J. Ramanujam, D. Xu, G.G. Richard, "Toward a more dependable hybrid analysis of Android malware using aspect-oriented programming," Computers & Security, vol. 73, pp. 235-248, 2018.
[CrossRef] [Web of Science Times Cited 23] [SCOPUS Times Cited 30]
 G. Hu, B. Zhang, X. Xiao, W. Zhang, L. Liao, Y. Zhou, X. Yan, "SAMLDroid: a static taint analysis and machine learning combined high-accuracy method for identifying Android apps with location privacy leakage risks," Entropy, vol. 23, no. 11, 2021.
[CrossRef] [Web of Science Record] [SCOPUS Times Cited 2]
 I. K. Aksakalli, "Using convolutional neural network for Android malware detection," Computer Modelling & New Technologies, vol. 23, no. 1, pp. 29-35, 2019
 M. Ganesh, P. Pednekar, P. Prabhuswamy, D. S. Nair, Y. Park, H. Jeon, "CNN-based Android malware detection," in Proceedings of 2017 International Conference on Software Security and Assurance (ICSSA), Altoona, USA, pp. 60-65, 2017.
[CrossRef] [Web of Science Times Cited 20] [SCOPUS Times Cited 31]
 R. Sankardas. J. DeLoach, Y. Li, N. Herndon, D. Caragea, X. Ou, V.P. Ranganath, H. Li, N. Guevara, "Experimental study with real-world data for Android app security analysis using machine learning," Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles, USA, pp. 81-90, 2015.
[CrossRef] [SCOPUS Times Cited 49]
 F. Alswaina, K. Elleithy, "Android malware permission-based multi-class classification using extremely randomized trees," IEEE Access, vol. 6, pp. 76217-76227, 2018.
[CrossRef] [Web of Science Times Cited 18] [SCOPUS Times Cited 26]
 A. Quattrone, L. Kulik, E. Tanin, K. Ramamohanarao, T. Gu, "PrivacyPalisade: evaluating app permissions and building privacy into smartphones," in Proceedings of the 10th International Conference on Information, Communications and Signal Processing (ICICS), Singapore, pp. 1-5, 2015.
[CrossRef] [SCOPUS Times Cited 4]
 G. M. Kapitsaki, M. Ioannou, "Examining the privacy vulnerability level of Android applications," in Proceeding of the 15th International Conference on Web Information Systems and Technologies, Vienna, Austria, pp. 34-45, 2019.
[CrossRef] [Web of Science Record] [SCOPUS Times Cited 2]
 N. Chau, S. Jung, "An entropy-based solution for identifying Android packers," IEEE Access, vol. 7, pp. 28412-28421, 2019.
[CrossRef] [Web of Science Times Cited 2] [SCOPUS Times Cited 4]
 M. Deypir, "Entropy-based security risk measurement for Android mobile applications," Soft Computing, vol. 23, no. 16, pp. 7303-7319, 2019.
[CrossRef] [Web of Science Times Cited 7] [SCOPUS Times Cited 10]
 M. Yang, L. Jia, T. Gao, T. Zhang, W. Xie, "Research on privacy security steady state evaluation model of mobile application based on information entropy and Markov theory," International Journal of Network Security, vol. 23, no. 5, pp. 807-816, 2021.
 T. Zhang, K. Zhao, M. Yang, T. Gao, W. Xie, "Research on privacy security risks assessment method of mobile commerce based on information entropy and Markov," Wireless Communications and Mobile Computing, vol. 2020, pp. 1-11, 2020.
[CrossRef] [Web of Science Times Cited 4] [SCOPUS Times Cited 7]
 A. Sandor, G. Tont, "Android social applications permission overview from a privacy perspective," in Proceedings of the 16th International Conference on Engineering of Modern Electric Systems (EMES), pp. 1-4, 2021.
[CrossRef] [SCOPUS Times Cited 1]
 S. Rani, K. S. Dhindsa, "Android malware detection in official and third-party application stores," International Journal of Advanced Networking and Applications, vol. 9, no. 4, pp. 3506-3509, 2018
 E. Derr, S. Bugiel, S. Fahl, Y. Acar, M. Backes, "Keep me updated: an empirical study of third-party library updatability on Android," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, USA, pp. 2187-2200, 2017.
[CrossRef] [Web of Science Times Cited 67] [SCOPUS Times Cited 84]
 W. Yang, Y. Zhang, J. Li, H. Liu, Q. Wang, Y. Zhang, D. Gu, "Show me the money! Finding flawed implementations of third-party in-app payment in Android apps," in Proceedings of 2017 Network and Distributed System Security Symposium, San Diego, USA, 2017.
[CrossRef] [Web of Science Times Cited 6]
 M. Spreitzenbarth, F. Freiling, "Android malware on the rise," University of Erlangen, Dept. of Computer Science, Technical reports, CS-2012-04, 2012
Web of Science® Citations for all references: 242 TCR
SCOPUS® Citations for all references: 415 TCR
Web of Science® Average Citations per reference: 7 ACR
SCOPUS® Average Citations per reference: 12 ACR
TCR = Total Citations for References / ACR = Average Citations per Reference
We introduced in 2010 - for the first time in scientific publishing, the term "References Weight", as a quantitative indication of the quality ... Read more
Citations for references updated on 2022-09-29 11:08 in 197 seconds.
Note1: Web of Science® is a registered trademark of Clarivate Analytics.
Note2: SCOPUS® is a registered trademark of Elsevier B.V.
Disclaimer: All queries to the respective databases were made by using the DOI record of every reference (where available). Due to technical problems beyond our control, the information is not always accurate. Please use the CrossRef link to visit the respective publisher site.
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.
Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.