Unmasking Privacy Leakage through Android Apps Obscured with Hidden Permissions

Abstract

Data theft is a significant security threat for mobile app users. The growing importance of digitization motivates the diversity of available applications. In this paper, we propose a novel and lightweight method for classifying Android apps into low, medium, and high-risk categories. Our approach relies largely on the other permissions (also termed as hidden permissions) of the Android applications. We have proposed a linear regression-based technique to classify the apps into different risk categories. We will show how other permissions can be used as a strong indicator for defining risk categories. We have used K-means clustering to validate and explain the decision of our method. In an evaluation with 500 applications and 101 other permissions, our proposed approach decides the risk factor of an app, and the explanation is provided for each detection reveal relevant properties of the detected risk.