Predicting Android Application Security and Privacy Risk with Static Code Metrics

Title: Predicting Android Application Security and Privacy Risk with Static Code Metrics
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Rahman, Akond; Pradhan, Priysha; Partho, Asif; Williams, Laurie
Conference Name: Proceedings of the 4th International Conference on Mobile Software Engineering and Systems
Publisher: IEEE Press
Conference Location: Buenos Aires, Argentina
ISBN Number: 978-1-5386-2669-6
Keywords: Android application, code metrics, prediction, security and privacy risk
Abstract

Android applications pose security and privacy risks for end-users. These risks are often quantified by performing dynamic analysis and permission analysis of the Android applications after release. Prediction of security and privacy risks associated with Android applications at early stages of application development, e.g. when the developer(s) are writing the code of the application, might help Android application developers in releasing applications to end-users that have less security and privacy risk. The goal of this paper is to aid Android application developers in assessing the security and privacy risk associated with Android applications by using static code metrics as predictors. In our paper, we consider security and privacy risk of an Android application as how susceptible the application is to leaking private information of end-users and to releasing vulnerabilities. We investigate how effectively static code metrics that are extracted from the source code of Android applications can be used to predict security and privacy risk of Android applications. We collected 21 static code metrics of 1,407 Android applications, and use the collected static code metrics to predict security and privacy risk of the applications. As the oracle of security and privacy risk, we used Androrisk, a tool that quantifies the amount of security and privacy risk of an Android application using analysis of Android permissions and dynamic analysis. To accomplish our goal, we used statistical learners such as radial-based support vector machine (r-SVM). For r-SVM, we observe a precision of 0.83. Findings from our paper suggest that with proper selection of static code metrics, r-SVM can be used effectively to predict security and privacy risk of Android applications.

URL: https://doi.org/10.1109/MOBILESoft.2017.14
DOI: 10.1109/MOBILESoft.2017.14
Citation Key: Rahman:2017:PAA:3104086.3104109
Refereed Designation: Refereed
