Countering Intrusiveness Using New Security-Centric Ranking Algorithm Built on Top of Elasticsearch

摘要

Mobile computing is dominating the technology market and it is expected to continue growing. Mobile thirdparty applications without any doubt contribute vastly to this growth. However, intrusive apps that tend to ask for plenty of permissions are becoming a common trend that influence the privacy of mobile users. Solutions have been proposed to detect and remove malicious apps from online markets or detect them after being installed. Yet, dealing with intrusive apps requires high user involvement and best judgment and comprehension. There have been a very few works that aim at helping mobile users make calculated decisions to avoid intrusive apps. In this paper, we are proposing and evaluating a new security-centric ranking algorithm built on top of the Elasticsearch engine to assist users evade installing intrusive apps. The algorithm calculates an intrusiveness score for an app based on its requested permissions, received system actions, and on the privacy preferences of users. In doing so, we are proposing a new approach to capture users' privacy preferences. The approach is evaluated through an online user study. The ranking algorithm is being evaluated on a large corpus of Android apps contextual data and APK files by conducting a pilot study and benchchmarking study. The results show that the scoring and reranking steps add very small overhead. Moreover, participants of the online and pilot studies gave positive feedback for the ranking algorithm and privacy preferences solicitation approach. The results suggest that our proposal would definitely protect the privacy of mobile users and pushes developers into requesting the minimum privileges that are required for their apps to function.