Trust4App: Automating Trustworthiness Assessment of Mobile Applications

Title: Trust4App: Automating Trustworthiness Assessment of Mobile Applications
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Habib, S. M., Alexopoulos, N., Islam, M. M., Heider, J., Marsh, S., Mühlhäuser, M.
Conference Name: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Date Published: aug
Keywords: actionable trustworthiness assessment, Apple App store, application marketplaces, automatic trustworthiness frameworks, automating trustworthiness assessment, composability, comprehensive trustworthiness assessment, Data collection, data privacy, Google, Google Play store, holistic personalized trustworthiness score, intuitive trustworthiness assessment, malicious developers, Malware, mobile applications, mobile computing, mobile security, potentially sensitive data, privacy, privacy health, pubcrawl, publicly available factors, risky apps, security, security assessment, security of data, smart phones, Tools, transparent trustworthiness score, Trust, Trust4App framework, Trusted Computing, trustworthiness, trustworthiness indicators, user reviews

Smartphones have become ubiquitous in our everyday lives, providing diverse functionalities via millions of applications (apps) that are readily available. To achieve these functionalities, apps need to access and utilize potentially sensitive data, stored in the user's device. This can pose a serious threat to users' security and privacy, when considering malicious or underskilled developers. While application marketplaces, like Google Play store and Apple App store, provide factors like ratings, user reviews, and number of downloads to distinguish benign from risky apps, studies have shown that these metrics are not adequately effective. The security and privacy health of an application should also be considered to generate a more reliable and transparent trustworthiness score. In order to automate the trustworthiness assessment of mobile applications, we introduce the Trust4App framework, which not only considers the publicly available factors mentioned above, but also takes into account the Security and Privacy (S&P) health of an application. Additionally, it considers the S&P posture of a user, and provides a holistic personalized trustworthiness score. While existing automatic trustworthiness frameworks only consider trustworthiness indicators (e.g. permission usage, privacy leaks) individually, Trust4App is, to the best of our knowledge, the first framework to combine these indicators. We also implement a proof-of-concept realization of our framework and demonstrate that Trust4App provides a more comprehensive, intuitive and actionable trustworthiness assessment compared to existing approaches.

Citation Key: habib_trust4app:_2018