Malware Detection in Android Apps Using Static Analysis

Nishtha Paul, Arpita Jadhav Bhatt, Sakeena Rizvi, Shubhangi
Copyright: © 2022 |Pages: 25
DOI: 10.4018/JCIT.20220701.oa6

Abstract

The frequency of malware attacks because of Android apps is increasing day by day. Current studies have revealed startling facts about data harvesting incidents, where users' personal data is at stake. To preserve the privacy of users, a permission-induced risk interface, MalApp, is proposed to identify privacy violations arising from permissions granted during app installation. It comprises a multi-fold process that performs static analysis based on the app's category. First, reverse engineering is applied to extract app permissions and construct a Boolean-valued permission matrix. Second, permissions are ranked to identify the risky permissions across categories. Third, machine learning and ensembling techniques are incorporated to test the efficacy of the proposed approach on a data set of 404 benign and 409 malicious apps. The empirical studies have identified that our proposed algorithm gives a best-case malware detection rate of 98.33%. The highlight of the interface is that any app can be classified as benign or malicious using static analysis, even before it is run.

1. Introduction

It is hardly surprising that the mobile app industry has been flourishing and growing ever since 2008, when the first app was launched. In today's era, everyone's life revolves around smartphones, which has raised serious concerns about security and privacy. One of the biggest issues this technology faces is protecting smartphone devices against various security threats and preventing leaks of users' private data. One of the most exciting features of smartphones is that their functionality can be expanded by installing third-party applications called 'apps'. Android is one of the most popular platforms for smartphones, with billions of apps available on its official 'Play Store'. As reported by buildfire statistics, there were 2.7 billion smartphone users in the world in 2019 and, on average, a smartphone user uses about 30 apps per month (Blair, n.d.). Apps for the Android OS are mainly written in the Java and Kotlin languages (Bose, 2018). With the increase in the development of Android apps since 2008, when the first Android app was launched, there are over 2.9 million apps available for download on the Google Play Store globally (Market.us, n.d.). However, this has also resulted in an increase in privacy breaches affecting users. App usage is increasing at a steady rate with no signs of decline in the future. Forbes stated that the testing specialist researchers at Comparitech had found that apps which had been installed more than 28 million times showed attack paths to threat actors looking to exploit vulnerabilities on the Android platform (Winder, n.d.). The apps were scanned for dangerous permissions and trackers embedded within them.

To summarize: on one hand, smartphones provide users with an open platform to download third-party apps from play stores for fun and enjoyment; on the other hand, they bring a great deal of unknown risk to the security of users' personal data. Users conveniently download apps without foreseeing the damage they can bring into their lives. Studies have revealed that users blindly grant the permissions needed to run an app, in such a hurry that they cannot foresee the harm the app can cause. Therefore, it is the responsibility of developers to request only relevant permissions, and they should be transparent so that users can make informed decisions.

Research studies have also revealed that malware apps can steal sensitive personal information such as login credentials, biometric information, and financial and banking information. Additionally, such apps are capable of accessing gallery images of the owner and other people, videos, important documents, contact details, call logs, messages, emails, location details, IMEI number, IP address, etc. (TermsFeed, n.d.). Hence, the analysis of apps needs immediate attention. To analyze the behaviour of apps, many researchers have performed static analysis so that users can be warned about an app's risky behaviour even before running it.

Various studies discussed in Section II have detected privacy violations by Android apps in data sets comprising thousands of apps, irrespective of the category of the app. In this work, we have incorporated the app's category, which plays a major role in the app analysis process for identifying malicious behaviour. Apps on the Android platform are sorted by category. An app's category is very important as it depicts the general behaviour and function of the app. For example, an app belonging to the photo and video category will require access to the user's photo album and camera to function well. Likewise, there are several other permissions, such as location, Bluetooth, SMS read/write and microphone. Therefore, it is the responsibility of the developer to choose the app's category wisely before uploading it to the Play Store. Currently there are 35 categories available on the Google Play Store (Play, n.d.); therefore, permissions play a very important role in our research study. A permission such as the user's location might be very useful in the maps and navigation category, while the same permission might be dangerous for some other categories such as. As the permissions embedded in an app and its category play a very important role in identifying the basic functionality of the app, in the course of this study we have performed category-based analysis of the risky permissions requested by Android apps when they are being downloaded and before they are run on an Android device.
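The following Python sketch is an added example, not code from the paper, showing the first two steps described above: building a Boolean permission matrix from app manifests and ranking permissions within each category. It assumes the manifests have already been decoded to text XML; the sample manifests are constructed, and the ranking metric (malicious request rate minus benign request rate) is an assumption of this example, since the preview does not state the paper's ranking method.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def manifest_permissions(manifest_xml):
    """Permissions requested in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def permission_matrix(apps):
    """apps: [(category, label, permission_set)] -> (columns, 0/1 rows)."""
    columns = sorted(set().union(*(perms for _, _, perms in apps)))
    return columns, [[int(c in perms) for c in columns] for _, _, perms in apps]

def rank_by_category(apps):
    """Per category, rank permissions by malicious minus benign request rate.
    This metric is an assumption of the example, not the paper's ranking."""
    columns, rows = permission_matrix(apps)
    sums = defaultdict(lambda: [0] * len(columns))  # (category, label) -> column sums
    totals = defaultdict(int)                       # (category, label) -> app count
    for (category, label, _), row in zip(apps, rows):
        totals[category, label] += 1
        sums[category, label] = [s + v for s, v in zip(sums[category, label], row)]
    ranking = {}
    for category in sorted({c for c, _, _ in apps}):
        def rate(label, i):
            n = totals[category, label]
            return sums[category, label][i] / n if n else 0.0
        scored = [(p, rate("malicious", i) - rate("benign", i))
                  for i, p in enumerate(columns)]
        ranking[category] = sorted(scored, key=lambda ps: (-ps[1], ps[0]))
    return ranking

def _manifest(*perms):
    """Constructed sample manifest (not a real app)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="example.app">{uses}</manifest>')

SAMPLES = [  # constructed (category, label, manifest) triples
    ("MAPS", "benign", _manifest("INTERNET", "ACCESS_FINE_LOCATION")),
    ("MAPS", "benign", _manifest("INTERNET", "ACCESS_FINE_LOCATION")),
    ("MAPS", "malicious", _manifest("INTERNET", "ACCESS_FINE_LOCATION", "READ_SMS")),
    ("MAPS", "malicious", _manifest("INTERNET", "READ_SMS", "SEND_SMS")),
    ("PHOTOGRAPHY", "benign", _manifest("CAMERA", "INTERNET")),
    ("PHOTOGRAPHY", "malicious", _manifest("CAMERA", "ACCESS_FINE_LOCATION", "INTERNET")),
]
APPS = [(c, label, manifest_permissions(x)) for c, label, x in SAMPLES]

if __name__ == "__main__":
    for category, ranked in rank_by_category(APPS).items():
        print(category, ranked[:2])
```

On the constructed data, the location permission ranks last in the maps category but first in photography, which is the category dependence the paragraph describes.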

A brief summary of the prime contributions of the proposed work is listed level by level as follows:
