RiskMeter: A Tool for Measuring Precise Security Risk Values of Mobile Device Applications

Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, functionalities, and facilities make privacy and security issues more critical. Therefore, traditional security mechanism including biometric authentication, data encryption, access control, and etc. are not adequate. Therefore, danger of installing and using malwares must be taken into account in order to provide practical security for end users. Installing new and unknown applications on these devices might lead to security threats. Recently, smartphones and tablets utilize powerful operating system in which security of application is provided by application permissions. Android and BlackBerry are two examples of operating systems which reduce attack surface by using application permissions. In these operating systems, in order to perform malicious activities, an attacker must deceive users to install a malicious app since other ways of intrusion are almost closed. Recent statistics show that Android is the most popular operating system. For installing an app, Android requires the user to grant privileges through the requested permissions. There is a large number of applications (Apps) developed for this operating system which require various permissions based on their functionalities and provided services. Therefore, measuring security risks of applications can help us to make better decision regarding to apps installation and removal. There exists some research regarding to enhance the Android security model and its security risk communication mechanism. In this mobile operating system, security risk values of applications can be computed using their requested permissions. In this study, a new software tool is designed and implemented to measure security risk values of mobile applications. This tool benefits from a new metric to compute the risk values. This risk metric exploits statistics of permission usages in known malwares and goodwares. However, they can be simply extended to other features of Android apps including static and dynamic ones. Moreover, we have attempted to give a better definition of permission criticality to aim users for making best decision in new apps installation or previously installed ones removal. In fact, we have designated a new formulation to assign higher risk values to permissions with a higher usage in malwares and very lower usage in benign apps. The idea is quite simple but produces interesting results. That is, the security risk of a permission is directly related to the difference of its usage in malicious and non-malicious apps. Given risk values of permissions, one can compute risk of an Android app based on its permission list. Since the proposed measurement compute the risk values of permissions according to simple statistics of known malwares and useful Android apps, they have good explainability. Users can be informed regarding to danger about approving risky permissions and they can make reasonable decisions based on total risk score of an app which can be simply computed using security risks of its requested permissions. In order to purpose the metric, we have analyzed requested permissions of large number of malicious and ordinary applications. Moreover, for realistic evaluations, we have constructed two new datasets of applications belonging to an Iranian market and new malwares. Experimental evaluations on real known malwares and benign apps reveal the superiority of the proposed criterion with respect to previously proposed method in terms of assigning higher risk values to malwares and lower risk values to the benign applications.