University of Business and Technology in Kosovo UBT Knowledge Center Theses and Dissertations Student Work 4-2018 Permission-based Privacy Analysis for Android Applications Erza Gashi University for Business and Technology - UBT Follow this and additional works at: https://knowledgecenter.ubt-uni.net/etd Part of the Computer Sciences Commons Recommended Citation Gashi, Erza, "Permission-based Privacy Analysis for Android Applications" (2018). Theses and Dissertations. 1. https://knowledgecenter.ubt-uni.net/etd/1 This Thesis is brought to you for free and open access by the Student Work at UBT Knowledge Center. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of UBT Knowledge Center. For more information, please contact [email protected]. Faculty of Computer Science and Engineering Permission-based Privacy Analysis for Android Applications Student: Erza GASHI April 2018 Prishtina Faculty of Computer Science and Engineering Master Thesis Academic Period 2013-2014 Erza GASHI Permission-based Privacy Analysis for Android Applications Advisor: Dr Sc. Zhilbert TAFA April 2018 Submitted in partial fulfillment of the requirements for the degree of Master of Science ABSTRACT While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app’s safety mostly relies on the features like rating and popularity, rather than in understanding context of listed permissions. In this work, we investigate the relationship between the features collected from Android Market API 23 and app’s privacy violation. These features include Popularity, Total Number of Permissions, Number of Dangerous Permissions, Rating and Package Size. To show the influence of each feature we use linear regression and Pearson R statistics. The conducted research can contribute to the classification of mobile applications concerning the threat on user’s privacy. i ACKNOWLEDGMENTS I would like to acknowledge my thesis mentor Prof. Zhilbert Tafa for the useful comments, remarks and engagement through the process of this master thesis. Furthermore, I express my very profound gratitude to my family especially to my spouse Artan, for providing me with unconditional support and continuous encouragement throughout my years of study and through the process of researching and writing this thesis. This accomplishment would not have been possible without them. Thank you. ii CONTENT LIST OF FIGURES .............................................................................................................. v ABBREVIATION ................................................................................................................ vii 1. INTRODUCTION .......................................................................................................... 1 1.1 Objective ........................................................................................................................... 1 1.2 Limitations ........................................................................................................................ 2 1.3 Thesis Structure ............................................................................................................... 2 2. LITERATURE REVIEW .............................................................................................. 4 2.1 Related Work .......................................................................................................................... 4 2.2 Definitions and Metrics .......................................................................................................... 6 2.1.1 Android Platform ........................................................................................................................ 6 2.1.1.1 API Levels......................................................................................................................... 7 2.1.2 Android Apps ............................................................................................................................. 7 2.1.3 Android Permissions ........................................................................................................................ 7 2.1.3.1 Protection Level ....................................................................................................................... 8 2.2 Statistical Methods ......................................................................................................... 10 2.2.1 Pearson correlation coefficient ................................................................................................. 10 2.2.2 Histogram ................................................................................................................................. 10 2.2.3 Scatter plot ................................................................................................................................ 11 3. PROBLEM STATEMENT .......................................................................................... 12 4. METHODOLOGY ....................................................................................................... 13 4.1 Data Collection ...................................................................................................................... 13 4.1.1 Categories ................................................................................................................................. 15 4.1.2 Sub-Categories.......................................................................................................................... 15 4.1.3 Applications .............................................................................................................................. 16 4.1.4 Permissions ............................................................................................................................... 16 4.1.5 Basic Statistics .......................................................................................................................... 18 4.1.5.1 Total number of applications........................................................................................... 18 4.1.5.2 Total number of categories .............................................................................................. 18 iii 4.1.5.3 Number of applications per category .............................................................................. 19 4.1.5.4 Top N downloaded applications ...................................................................................... 19 4.2 Estimating Privacy Risk ................................................................................................ 20 4.2.1 Condition#1: App has more than one dangerous permission. ................................................... 21 4.2.2 Condition#2: Has set of permissions ........................................................................................ 21 4.2.3 Condition#3: INTERNET granting permission ........................................................................ 23 4.3 Final Dataset .......................................................................................................................... 24 5. RESULTS ..................................................................................................................... 25 5.1 List of application with most number of permissions ........................................................ 25 5.2 Number of permissions per category .................................................................................. 26 5.3 Cumulative Distribution ....................................................................................................... 29 5.4 Top 10 Permissions ............................................................................................................... 30 5.4.1 Distribution in visual form ............................................................................................................. 31 5.5 Correlation between Rating and Number of Downloads .................................................. 32 5.6 Correlation between Package Size and Number of Permissions ...................................... 34 5.7 Correlation Heatmap ............................................................................................................ 36 6. CONCLUSION ............................................................................................................ 39 7. APPENDIX A .............................................................................................................. 40 8. APPENDIX B .............................................................................................................. 69 9. REFERENCES ............................................................................................................ 72 iv LIST OF FIGURES Figure 1. Grant permissions a) at install-time (left) and b) at run-time (right) .............................................. 9 Figure 2. Process of data