Abstract

Android is currently the prevailing mobile operating system accompanied by ahuge number of apps available at various online market platforms. To protectagainst malicious or vulnerable apps, Android comprises a permission-based se-curity model and some, but yet opaque security checks conducted by GooglePlay. Under these conditions, assessing the security of an app according touser-specific requirements is hardly possible. Nevertheless, end users and pro-fessionals, such as IT administrators, need to understand apps’ security implica-tions prior to installation or rollout. To address this need, we present App-Ray,a novel security scanning framework which analyses apps according to user-specific security requirements. The contribution of our paper is a method torefine such requirements to specific test criteria, and to automatically combinestatic and analysis methods for their evaluation. We demonstrate the feasibilityof our approach by implementing a prototype and running user-specific analysison 50 apps.