The Android operating system has increased in popularity and has been increasing its shares in the smart phone market. Users can carry out their daily work such as paying bills, being social, and sharing photos through mobile applications. These applications have access to sensitive information about the user, such as location, contacts, call logs, and SMS messages. However, the users have no knowledge of the applications or the personal information these applications have access to. Even if an application is not malware or does not have malicious behavior, it can compromise the security and privacy of the user by accessing the permissions and gathering sensitive personal information. In this study, we have designed and implemented a prototype of a novel fuzzy risk inference system that serves as a web-based service. The system analyzes the risks related to Android-based mobile applications and performs risk scoring by taking several features into account. The system presents the user with the risks of exposure before the installation of applications on the user's device and serves as an intelligent decision support system.
Mobile security, mobile risk analysis, mobile application security, security risk analysis, risk assessment, decision support systems, information systems
YÜKSEL, ASIM SİNAN; YÜKSEL, MEHMET ERKAN; SERTBAŞ, AHMET; and ZAİM, ABDÜL HALİM
"Implementation of a web-based service for mobile application risk assessment,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 25:
2, Article 25.
Available at: https://journals.tubitak.gov.tr/elektrik/vol25/iss2/25