A Proactive Approach toward Privacy Risk Assessment for Android Apps Permissions

Mobile devices store users' personal data. When mobile applications have access to this data they may leak it to third parties without users' consent. Google's Android platforms include a permission model that restricts applications' access to users' personal data. However, users are not aware of how their personal data would be used once applications are installed and permissions granted. This raises a potential privacy concern. In this paper we propose a proactive approach towards users' awareness of the privacy risk involved with granting permissions to Android applications. We present a dynamic privacy risk assessment model that assesses the risk to users' privacy associated to an application which requires a set of permissions. The parameters of this model are the severity and the relative importance of permissions and their interactions. Severity is evaluated according to a standard severity assessment method. The relative importance is estimated according to an analytic method. An experimental study to validate our proactive approach has been conducted. The originality of this works lies in that the privacy risk for a given device owned by an individual varies dynamically based on its different uses applications and related permissions.