JIS  Vol.10 No.2 , April 2019
Associated Risks in Mobile Applications Permissions
Abstract: Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.
Cite this paper: Al Jutail, M. , Al-Akhras, M. and Albesher, A. (2019) Associated Risks in Mobile Applications Permissions. Journal of Information Security, 10, 69-90. doi: 10.4236/jis.2019.102004.

[1]   Mass, F. (2017) Coming off a Slow 2016, Smartphone Shipment Volume Expected to Recover in 2017 and Gain Momentum into 2018, According to IDC. (IDC) Worldwide Quarterly Mobile Phone Tracker.

[2]   Chen, L., McGrew, D. and Mitchell C. (2016) Security Standardisation Research. Springer International, New York.

[3]   Carrascosa, I.P., Kalutarage, H.K. and Huang, Y. (2017) Data Analytics and Decision Support for Cybersecurity: Trends, Methodologies and Applications. Springer International Publishing, Cham.

[4]   Doherty, J. (2016) Wireless and Mobile Device Security. Jones & Bartlett Learning, Burlington.

[5]   Elenkov, N. (2015) Android Security Internals: An In-Depth Guide to Android’s Security Architecture. No Starch Press, San Francisco.

[6]   Six, J. (2012) Application Security for the Android Platform. O’Reilly Media, Sebastopol.

[7]   Android Developer (2017) Request App Permissions

[8]   Pelet, J.-E. (2016) Mobile Platforms, Design, and Apps for Social Commerce. Advances in E-Business Research Series, IGI Global, New York.

[9]   Ayed, A.B. (2015) A Literature Review on Android Permission System. International Journal of Advanced Research in Computer Engineering & Technology, 4, 1520-1523.

[10]   Felt, A.P., Ha, E., Egelman, S. and Haney, A. (2012) Android Permissions: User Attention, Comprehension, and Behavior. Computer Science Department, University of California, Oakland, 1-14.

[11]   Mukherjea, S. (2017) Mobile Application Development, Usability, and Security. Information Science Reference, Hershey.

[12]   Agrawal, R. and Srikant, R. (1994) Fast Algorithms for Mining Association Rules. Proceedings of the 20th Very Large Data Bases (VLDB) Conference, Santiago, 12-15 September 1994, 487-499.

[13]   Frank, E., Hall, M.A. and Witten, I.H. (2016) The WEKA Workbench. Online Appendix for “Data Mining: Practical Machine Learning Tools and Techniques”. 4th Edition, Morgan Kaufmann, Burlington.

[14]   Ali, S.S., Danger, J.-L. and Eisenbarth, T. (2017) Security, Privacy, and Applied Cryptography Engineering. 7th International Conference, SPACE 2017, Goa, 13-17 December 2017.

[15]   Google Family Link. Google LLC.

[16]   Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S. and Fitzgerald, W.M. (2017) Data Privacy Management and Autonomous Spontaneous Security. DPM 2013, 6th International Workshop, SETOP 2013, Egham, 12-13 September 2013, 213-231.

[17]   Chell, D., Erasmus, T., Colley, S. and Whitehouse, O. (2015) The Mobile Application Hacker’s Handbook. John Wiley & Sons, Indianapolis.