Here you will find scientific publications from the Fraunhofer Institutes.

Trust4App: Automating Trustworthiness Assessment of Mobile Applications

Habib, Sheikh Mahbub; Alexopoulos, Nikolas; Islam, Monirul; Heider, Jens; Marsh, Stephen; Mühlhäuser, Max


Institute of Electrical and Electronics Engineers -IEEE-:
17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2018. 12th IEEE International Conference on Big Data Science and Engineering, BigDataSE 2018. Proceedings : 31 July - 3 August 2018, New York, New York
Piscataway, NJ: IEEE, 2018
ISBN: 978-1-5386-4388-4
ISBN: 978-1-5386-4387-7
ISBN: 978-1-5386-4389-1
International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) <17, 2018, New York/NY>
International Conference on Big Data Science and Engineering (BigDataSE) <12, 2018, New York/NY>
International Symposium on Security, Privacy and Trust in Internet of Things (SPTIoT) <2, 2018, New York/NY>
Fraunhofer SIT

Smartphones have become ubiquitous in our everyday lives, providing diverse functionalities via millions of applications (apps) that are readily available. To achieve these functionalities, apps need to access and utilize potentially sensitive data stored on the user's device. This can pose a serious threat to users' security and privacy when considering malicious or underskilled developers. While application marketplaces, like Google Play store and Apple App store, provide factors like ratings, user reviews, and number of downloads to distinguish benign from risky apps, studies have shown that these metrics are not adequately effective. The security and privacy health of an application should also be considered to generate a more reliable and transparent trustworthiness score. In order to automate the trustworthiness assessment of mobile applications, we introduce the Trust4App framework, which not only considers the publicly available factors mentioned above, but also takes into account the Security and Privacy (S&P) health of an application. Additionally, it considers the S&P posture of a user, and provides a holistic personalized trustworthiness score. While existing automatic trustworthiness frameworks only consider trustworthiness indicators (e.g. permission usage, privacy leaks) individually, Trust4App is, to the best of our knowledge, the first framework to combine these indicators. We also implement a proof-of-concept realization of our framework and demonstrate that Trust4App provides a more comprehensive, intuitive and actionable trustworthiness assessment compared to existing approaches.