Functionality-Based Mobile Application Recommendation System with Security and Privacy Awareness

  • Thiago Rocha UFAM
  • Eduardo Souto UFAM
  • Khalil El-Khatib Ontario Tech University

Abstract


In this thesis, we propose a functionality-aware system to evaluate and recommend mobile applications with security and privacy awareness. The proposed system has a security layer that evaluates an application and classifies it as malicious or benign, so that only applications classified as benign are considered for the functionality-aware recommendation. We also employ a technique called Logical Predicate Mapping (LPM), which allows users to understand the permissions and API calls requested by the app, as well as privacy risks. This information is grouped with other retrieved metrics, such as popularity, usability and privacy, and shown to users, so that they can decide what to do and understand what can happen.

Published
13/10/2020
ROCHA, Thiago; SOUTO, Eduardo; EL-KHATIB, Khalil. Functionality-Based Mobile Application Recommendation System with Security and Privacy Awareness. In: CONCURSO DE TESES E DISSERTAÇÕES - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20., 2020, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 17-24. DOI: https://doi.org/10.5753/sbseg_estendido.2020.19265.