Confidentiality and privacy information security risk assessment for Android-based mobile devices

Irwan, Y. Asnar, B. Hendradjaya
Published in: 2015 International Conference on Data and Software Engineering (ICoDSE), 2015-11-01
DOI: 10.1109/ICODSE.2015.7436972 (https://doi.org/10.1109/ICODSE.2015.7436972)
Citations: 5

Abstract

Increasing use of smartphones for work and private purposes has unintentionally mingled valuable personal data with work data. The Android permission-based security model is used to restrict the ability of applications to access device resources, but it has failed to provide adequate control for users and visibility into how third-party applications use users' personal data. The permission warnings shown when installing applications do not help most users make the right security decisions. This research aims to develop a risk assessment method to determine the security posture of an Android smartphone. The method can help users increase the security level of a device, especially against sensitive data leakage. The design of the risk assessment uses two approaches: security configuration level assessment and sensitive data risk assessment. Security configuration level assessment is based on built-in Android smartphone configurations, while sensitive data risk assessment is based on the combination of permissions from all applications installed on the device. The risk assessment design was implemented on an Android smartphone as Smartphone Risk Assessment (SRA). The evaluation was done by usability testing using the System Usability Scale (SUS) questionnaire. The result shows that the SRA is rated as "Good" by respondents based on the SUS score. Users consider the SRA helpful for determining potential threats to their smartphones and identifying any applications that have the potential to leak sensitive data.