SlideShare a Scribd company logo

Effective risk communication for android apps

Download as DOCX, PDF
JPINFOTECH JAYAPRAKASH
JPINFOTECH JAYAPRAKASH
1 of 5
Effective Risk Communication for Android Apps ABSTRACT: The popularity and advanced functionality of mobile devices has made them attractive targets for malicious and intrusive applications (apps). Although strong security measures are in place for most mobile systems, the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device. As our prime example, Android relies on users to understand the permissions that an app is requesting and to base the installation decision on the list of permissions. Previous research has shown that this reliance on users is ineffective, as most users do not understand or consider the permission information. We propose a solution that leverages a method to assign a risk score to each app and display a summary of that information to users. Results from four experiments are reported in which we examine the effects of introducing summary risk information and how best to convey such information to a user. Our results show that the inclusion of risk-score information has significant positive effects in the selection process and can also lead to more curiosity about security-related information.
EXISTING SYSTEM: With regard to smart phones, users are more concerned with privacy on their phones than on computers, and they especially worry about the threat of malicious apps. For mobile devices, a person often downloads and uses many apps from multiple unknown vendors, with each app providing some limited functionality. Additionally, all of these unknown vendors typically submit their apps to a single or several app stores where many other apps from other vendors may provide similar functionality. This different paradigm requires a different approach to deal with the risks of mobile devices, and offers distinct opportunities. DISADVANTAGES OF EXISTING SYSTEM:  People will not use security features properly if they fail to understand the purpose of the features or the information on which their decisions should be based.  Users make many decisions that affect the overall state of security of any system with which they interact. For security and privacy, most of these decisions relate to the risk to which the individual or system is exposed.
PROPOSED SYSTEM: We propose the addition of a summary risk rating for each app. A summary risk rating enables easy risk comparisons among apps that provide similar functionalities. We believe that one reason why current permission information is often ignored by users is that it is presented in a “standalone” fashion and in a way that requires a lot of technical knowledge and time to distill useful information, making comparison across apps difficult. An important feature of the mobile app ecosystem is that users often have choices and alternatives when choosing a mobile app. If a user knows that one app is significantly riskier than another but provides the same or similar functionality, then this fact may cause the user to choose the less risky one. This will in turn provide incentives for developers to better follow the least-privilege principle and request only necessary permissions. ADVANTAGES OF PROPOSED SYSTEM:  A summary risk rating also enables proactive risk communication (e.g., when the user searches for apps) so that users can take this information into the decision process. This is in contrast to the current reactive approach, where often times the user sees the permission/risk information of an app as a final warning only after the user has made the decision to choose the app.
 Our hypothesis is that when a summary risk rating is presented in a user-friendly fashion, it will encourage users to choose apps with lower risk.  The user sees the permission/risk information of an app as a final warning only after the user has made the decision to choose the app.  An effective risk communication approach for Android could provide. SYSTEM REQUIREMENTS: HARDWARE REQUIREMENTS:  System : Pentium IV 2.4 GHz.  Hard Disk : 40 GB.  Floppy Drive : 1.44 Mb.  Monitor : 15 VGA Colour.  Mouse : Logitech.  Ram : 512 Mb.  MOBILE : ANDROID SOFTWARE REQUIREMENTS:  Operating system : Windows XP/7.
 Coding Language : Java 1.7  Tool Kit : Android 2.3 ABOVE  IDE : Eclipse REFERENCE: Christopher S. Gates, Jing Chen, Ninghui Li, Senior Member, IEEE, and Robert W. Proctor “Effective Risk Communication for Android Apps” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 3, MAY-JUNE 2014

Recommended

Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsJPINFOTECH JAYAPRAKASH
 
How can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesHow can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesAbhishek BV
 
Rate ur beats
Rate ur beatsRate ur beats
Rate ur beatsFaizal Sheriff
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsOPSWAT
 
Uses , misuses and risk of software
Uses , misuses and risk of softwareUses , misuses and risk of software
Uses , misuses and risk of softwareAbdulJabbar459
 
Uses,mis uses and risk of software
Uses,mis uses and risk of softwareUses,mis uses and risk of software
Uses,mis uses and risk of softwareAHSSAN AKHTAR
 
Ieee project-2014-2015-context-based-access-control-systems
Ieee project-2014-2015-context-based-access-control-systemsIeee project-2014-2015-context-based-access-control-systems
Ieee project-2014-2015-context-based-access-control-systemsSteph Cliche
 

Recommended

Generating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsGenerating summary risk scores for mobile applications
Generating summary risk scores for mobile applicationsJPINFOTECH JAYAPRAKASH
 
How can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesHow can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesAbhishek BV
 
Rate ur beats
Rate ur beatsRate ur beats
Rate ur beatsFaizal Sheriff
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsOPSWAT
 
Uses , misuses and risk of software
Uses , misuses and risk of softwareUses , misuses and risk of software
Uses , misuses and risk of softwareAbdulJabbar459
 
Uses,mis uses and risk of software
Uses,mis uses and risk of softwareUses,mis uses and risk of software
Uses,mis uses and risk of softwareAHSSAN AKHTAR
 
Ieee project-2014-2015-context-based-access-control-systems
Ieee project-2014-2015-context-based-access-control-systemsIeee project-2014-2015-context-based-access-control-systems
Ieee project-2014-2015-context-based-access-control-systemsSteph Cliche
 
I018145157
I018145157I018145157
I018145157IOSR Journals
 
Study reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutesStudy reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutesWaqas Amir
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
The New Data Security Risk
The New Data Security RiskThe New Data Security Risk
The New Data Security RiskSteve Kirwan
 
Vulnerabilities on mobile Dating Applications
Vulnerabilities on mobile Dating ApplicationsVulnerabilities on mobile Dating Applications
Vulnerabilities on mobile Dating ApplicationsTabish Ali CCISO,ECSA,CHFI,CEH,COBIT5
 
final_writeup
final_writeupfinal_writeup
final_writeupHarrison Landis
 
Moses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On SmartphonesMoses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On SmartphonesPapitha Velumani
 
Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksJPINFOTECH JAYAPRAKASH
 
Bahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environmentsBahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environmentsJPINFOTECH JAYAPRAKASH
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsJPINFOTECH JAYAPRAKASH
 
How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...JPINFOTECH JAYAPRAKASH
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesJPINFOTECH JAYAPRAKASH
 
A new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessionsA new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessionsJPINFOTECH JAYAPRAKASH
 
Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksJPINFOTECH JAYAPRAKASH
 
Mona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloudMona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloudJPINFOTECH JAYAPRAKASH
 
2015 2016 ieee dot net project titles
2015 2016 ieee dot net project titles2015 2016 ieee dot net project titles
2015 2016 ieee dot net project titlesJPINFOTECH JAYAPRAKASH
 
2015 2016 ieee vlsi project titles
2015 2016 ieee vlsi project titles2015 2016 ieee vlsi project titles
2015 2016 ieee vlsi project titlesJPINFOTECH JAYAPRAKASH
 
Privacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storagePrivacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storageJPINFOTECH JAYAPRAKASH
 
Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...JPINFOTECH JAYAPRAKASH
 
Annotating search results from web databases
Annotating search results from web databasesAnnotating search results from web databases
Annotating search results from web databasesJPINFOTECH JAYAPRAKASH
 
Anomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysisAnomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysisJPINFOTECH JAYAPRAKASH
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferJPINFOTECH JAYAPRAKASH
 

More Related Content

What's hot

Study reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutesStudy reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutesWaqas Amir
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisIRJET Journal
 
The New Data Security Risk
The New Data Security RiskThe New Data Security Risk
The New Data Security RiskSteve Kirwan
 
Moses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On SmartphonesMoses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On SmartphonesPapitha Velumani
 

What's hot (7)

I018145157
I018145157I018145157
I018145157
 
Study reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutesStudy reveals we are being tracked by our smartphones --- every 3 minutes
Study reveals we are being tracked by our smartphones --- every 3 minutes
 
Malware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault AnalysisMalware Bytes – Advanced Fault Analysis
Malware Bytes – Advanced Fault Analysis
 
The New Data Security Risk
The New Data Security RiskThe New Data Security Risk
The New Data Security Risk
 
Vulnerabilities on mobile Dating Applications
Vulnerabilities on mobile Dating ApplicationsVulnerabilities on mobile Dating Applications
Vulnerabilities on mobile Dating Applications
 
final_writeup
final_writeupfinal_writeup
final_writeup
 
Moses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On SmartphonesMoses Supporting And Enforcing Security Profiles On Smartphones
Moses Supporting And Enforcing Security Profiles On Smartphones
 

Viewers also liked

Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksJPINFOTECH JAYAPRAKASH
 
Bahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environmentsBahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environmentsJPINFOTECH JAYAPRAKASH
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsJPINFOTECH JAYAPRAKASH
 
How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...JPINFOTECH JAYAPRAKASH
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesJPINFOTECH JAYAPRAKASH
 
A new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessionsA new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessionsJPINFOTECH JAYAPRAKASH
 
Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksJPINFOTECH JAYAPRAKASH
 
Mona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloudMona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloudJPINFOTECH JAYAPRAKASH
 
Privacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storagePrivacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storageJPINFOTECH JAYAPRAKASH
 
Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...JPINFOTECH JAYAPRAKASH
 
Annotating search results from web databases
Annotating search results from web databasesAnnotating search results from web databases
Annotating search results from web databasesJPINFOTECH JAYAPRAKASH
 
Anomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysisAnomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysisJPINFOTECH JAYAPRAKASH
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferJPINFOTECH JAYAPRAKASH
 
Emap expedite message authentication protocol for vehicular ad hoc networks
Emap expedite message authentication protocol for vehicular ad hoc networksEmap expedite message authentication protocol for vehicular ad hoc networks
Emap expedite message authentication protocol for vehicular ad hoc networksJPINFOTECH JAYAPRAKASH
 
Eaack—a secure intrusion detection system for manets ns2
Eaack—a secure intrusion detection system for manets ns2Eaack—a secure intrusion detection system for manets ns2
Eaack—a secure intrusion detection system for manets ns2JPINFOTECH JAYAPRAKASH
 

Viewers also liked (17)

Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networks
 
Bahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environmentsBahg back bone-assisted hop greedy routing for vanet’s city environments
Bahg back bone-assisted hop greedy routing for vanet’s city environments
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public clouds
 
How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...How long to wait predicting bus arrival time with mobile phone based particip...
How long to wait predicting bus arrival time with mobile phone based particip...
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devices
 
A new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessionsA new algorithm for inferring user search goals with feedback sessions
A new algorithm for inferring user search goals with feedback sessions
 
Target tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networksTarget tracking and mobile sensor navigation in wireless sensor networks
Target tracking and mobile sensor navigation in wireless sensor networks
 
Mona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloudMona secure multi owner data sharing for dynamic groups in the cloud
Mona secure multi owner data sharing for dynamic groups in the cloud
 
2015 2016 ieee dot net project titles
2015 2016 ieee dot net project titles2015 2016 ieee dot net project titles
2015 2016 ieee dot net project titles
 
2015 2016 ieee vlsi project titles
2015 2016 ieee vlsi project titles2015 2016 ieee vlsi project titles
2015 2016 ieee vlsi project titles
 
Privacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storagePrivacy preserving public auditing for secure cloud storage
Privacy preserving public auditing for secure cloud storage
 
Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...Nice network intrusion detection and countermeasure selection in virtual netw...
Nice network intrusion detection and countermeasure selection in virtual netw...
 
Annotating search results from web databases
Annotating search results from web databasesAnnotating search results from web databases
Annotating search results from web databases
 
Anomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysisAnomaly detection via online over sampling principal component analysis
Anomaly detection via online over sampling principal component analysis
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transfer
 
Emap expedite message authentication protocol for vehicular ad hoc networks
Emap expedite message authentication protocol for vehicular ad hoc networksEmap expedite message authentication protocol for vehicular ad hoc networks
Emap expedite message authentication protocol for vehicular ad hoc networks
 
Eaack—a secure intrusion detection system for manets ns2
Eaack—a secure intrusion detection system for manets ns2Eaack—a secure intrusion detection system for manets ns2
Eaack—a secure intrusion detection system for manets ns2
 

Similar to Effective risk communication for android apps

Generating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile ApplicationsGenerating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile ApplicationsPapitha Velumani
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...MOBIQUANT TECHNOLOGIES
 
Privacy on Mobile Apps
Privacy on Mobile AppsPrivacy on Mobile Apps
Privacy on Mobile AppsMays Mrayyan
 
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdf
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdfThe Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdf
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdfAnanthReddy38
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISijitcs
 
Permission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSPermission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSBRNSSPublicationHubI
 
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning TechniquesBehavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning Techniquesgerogepatton
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for androidJPINFOTECH JAYAPRAKASH
 
Provide security about risk score in mobile application’s
Provide security about risk score in mobile application’sProvide security about risk score in mobile application’s
Provide security about risk score in mobile application’seSAT Journals
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
DasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperDasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperMichael Murphy
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET Journal
 
Mobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsMobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsCognizant
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...IOSR Journals
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET Journal
 

Similar to Effective risk communication for android apps (20)

Generating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile ApplicationsGenerating Risk Summary Risk Scores For Mobile Applications
Generating Risk Summary Risk Scores For Mobile Applications
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
 
Privacy on Mobile Apps
Privacy on Mobile AppsPrivacy on Mobile Apps
Privacy on Mobile Apps
 
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdf
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdfThe Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdf
The Crucial Role of Mobile App Testing in Ensuring Quality and Security.pdf
 
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSISANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
ANDROID UNTRUSTED DETECTION WITH PERMISSION BASED SCORING ANALYSIS
 
Permission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OSPermission based malware detection by using k means algorithm in Android OS
Permission based malware detection by using k means algorithm in Android OS
 
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning TechniquesBehavior-Based Security for Mobile Devices Using Machine Learning Techniques
Behavior-Based Security for Mobile Devices Using Machine Learning Techniques
 
Security survey2013 en
Security survey2013 enSecurity survey2013 en
Security survey2013 en
 
Review of behavior malware analysis for android
Review of behavior malware analysis for androidReview of behavior malware analysis for android
Review of behavior malware analysis for android
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
Provide security about risk score in mobile application’s
Provide security about risk score in mobile application’sProvide security about risk score in mobile application’s
Provide security about risk score in mobile application’s
 
Irjet v7 i3811
Irjet v7 i3811Irjet v7 i3811
Irjet v7 i3811
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
 
DasGreenPerezMurphy_Paper
DasGreenPerezMurphy_PaperDasGreenPerezMurphy_Paper
DasGreenPerezMurphy_Paper
 
Download
DownloadDownload
Download
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...IRJET - System to Identify and Define Security Threats to the users About The...
IRJET - System to Identify and Define Security Threats to the users About The...
 
Mobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, SolutionsMobile Banking Security: Challenges, Solutions
Mobile Banking Security: Challenges, Solutions
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
 

Effective risk communication for android apps

  • 1. Effective Risk Communication for Android Apps ABSTRACT: The popularity and advanced functionality of mobile devices has made them attractive targets for malicious and intrusive applications (apps). Although strong security measures are in place for most mobile systems, the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device. As our prime example, Android relies on users to understand the permissions that an app is requesting and to base the installation decision on the list of permissions. Previous research has shown that this reliance on users is ineffective, as most users do not understand or consider the permission information. We propose a solution that leverages a method to assign a risk score to each app and display a summary of that information to users. Results from four experiments are reported in which we examine the effects of introducing summary risk information and how best to convey such information to a user. Our results show that the inclusion of risk-score information has significant positive effects in the selection process and can also lead to more curiosity about security-related information.
  • 2. EXISTING SYSTEM: With regard to smart phones, users are more concerned with privacy on their phones than on computers, and they especially worry about the threat of malicious apps. For mobile devices, a person often downloads and uses many apps from multiple unknown vendors, with each app providing some limited functionality. Additionally, all of these unknown vendors typically submit their apps to a single or several app stores where many other apps from other vendors may provide similar functionality. This different paradigm requires a different approach to deal with the risks of mobile devices, and offers distinct opportunities. DISADVANTAGES OF EXISTING SYSTEM:  People will not use security features properly if they fail to understand the purpose of the features or the information on which their decisions should be based.  Users make many decisions that affect the overall state of security of any system with which they interact. For security and privacy, most of these decisions relate to the risk to which the individual or system is exposed.
  • 3. PROPOSED SYSTEM: We propose the addition of a summary risk rating for each app. A summary risk rating enables easy risk comparisons among apps that provide similar functionalities. We believe that one reason why current permission information is often ignored by users is that it is presented in a “standalone” fashion and in a way that requires a lot of technical knowledge and time to distill useful information, making comparison across apps difficult. An important feature of the mobile app ecosystem is that users often have choices and alternatives when choosing a mobile app. If a user knows that one app is significantly riskier than another but provides the same or similar functionality, then this fact may cause the user to choose the less risky one. This will in turn provide incentives for developers to better follow the least-privilege principle and request only necessary permissions. ADVANTAGES OF PROPOSED SYSTEM:  A summary risk rating also enables proactive risk communication (e.g., when the user searches for apps) so that users can take this information into the decision process. This is in contrast to the current reactive approach, where often times the user sees the permission/risk information of an app as a final warning only after the user has made the decision to choose the app.
  • 4.  Our hypothesis is that when a summary risk rating is presented in a user-friendly fashion, it will encourage users to choose apps with lower risk.  The user sees the permission/risk information of an app as a final warning only after the user has made the decision to choose the app.  An effective risk communication approach for Android could provide. SYSTEM REQUIREMENTS: HARDWARE REQUIREMENTS:  System : Pentium IV 2.4 GHz.  Hard Disk : 40 GB.  Floppy Drive : 1.44 Mb.  Monitor : 15 VGA Colour.  Mouse : Logitech.  Ram : 512 Mb.  MOBILE : ANDROID SOFTWARE REQUIREMENTS:  Operating system : Windows XP/7.
  • 5.  Coding Language : Java 1.7  Tool Kit : Android 2.3 ABOVE  IDE : Eclipse REFERENCE: Christopher S. Gates, Jing Chen, Ninghui Li, Senior Member, IEEE, and Robert W. Proctor “Effective Risk Communication for Android Apps” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 3, MAY-JUNE 2014