Implementation of a web-based service for mobile application risk assessment


YÜKSEL A. S. , Yuksel M. E. , Sertbas A. , Zaim A. H.

TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES, cilt.25, ss.976-994, 2017 (SCI İndekslerine Giren Dergi)

  • Cilt numarası: 25 Konu: 2
  • Basım Tarihi: 2017
  • Doi Numarası: 10.3906/elk-1503-127
  • Dergi Adı: TURKISH JOURNAL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCES
  • Sayfa Sayısı: ss.976-994

Özet

The Android operating system has increased in popularity and has been increasing its shares in the smart phone market. Users can carry out their daily work such as paying bills, being social, and sharing photos through mobile applications. These applications have access to sensitive information about the user, such as location, contacts, call logs, and SMS messages. However, the users have no knowledge of the applications or the personal information these applications have access to. Even if an application is not malware or does not have malicious behavior, it can compromise the security and privacy of the user by accessing the permissions and gathering sensitive personal information. In this study, we have designed and implemented a prototype of a novel fuzzy risk inference system that serves as a web based service. The system analyzes the risks related to Android-based mobile applications and performs risk scoring by taking several features into account. The system presents the user with the risks of exposure before the installation of applications on the user's device and serves as an intelligent decision support system.