Abstract

Android has become the most popular mobile operating system all over the world. Due to its openness, users can install applications freely. At the same time, users are increasingly storing personal privacy information in their mobile phones, which has led to Android becoming the main target of malicious applications, and privacy leaks have occurred from time to time. Although the Android operating system provides the permissions to restrict the ability of applications to access sensitive resources, users do not pay much attention to the granting of permissions, which makes malicious applications available. Therefore, it is of great significance to make risk assessments for applications before installation. In this paper we propose a privacy risk assessment framework called PRADroid for Android applications. Through likelihood assessment based on permissions and severity assessment based on information flow analysis, a risk matrix is finally generated to score the application privacy risk. We evaluate PRADroid on 2000 Android applications, and the experimental results show that PRADroid can score reasonably and effectively.