Security-centric ranking algorithm and two privacy scores to mitigate intrusive apps

Smartphone users are constantly facing the risks of losing their private information to third-party mobile applications. Studies have revealed that the vast majority of users either do not pay attention to privacy or unable to comprehend privacy messages. Developers though have exploited this fact by asking users to grant their apps an enormous number of permissions. In this article, we propose and evaluate a new security-centric ranking algorithm built on top of the Elasticsearch engine to help users evade such apps. The algorithm calculates an intrusiveness score for an app based on its requested permissions, received system actions, and users' privacy preferences. As such, we further propose a new approach to capture these preferences. We evaluate the ranking algorithm using a million Android applications, contextual data and APK files, that we collect from the Google Play store. The results show that the scoring and reranking steps add minor overhead. Moreover, participants of the user studies gave positive feedback for the ranking algorithm and the privacy preferences solicitation approach. These results suggest that our proposed system would definitely protect the privacy of mobile users and pushes developers into requesting least amount of privileges. Still, there are many risks that endanger the users' privacy

More than a million Android Apps with Two Privacy Scores

This data set contains meta data about more than a million third-party Android application that were collected from the Google Play store between 2017 and 2019. Two privacy scores were calculated for each application based on: permission requests, broadcast receivers, and user's privacy preferences. The scores also depend on other applications in the app's category. The scores were calculated based on two published formulas. The first fomulas was proposed by Mohsel et al. and published in TrustCom '18, "Countering intrusiveness using new security-centric ranking algorithm built on top of elasticsearch". The second formula was published in SPSM '16 Taylor, and Martinovic, "SecuRank: Starving Permission-Hungry Apps Using Contextual Permission Analysis"