Guang Shi , Tao Li , Qinghe Zhou , Menglin Liu , Yuan Feng
Journal: Computers &amp; Security, volume 156, Article 104499
DOI: 10.1016/j.cose.2025.104499
Publication date: 2025-04-29 (Journal Article)
Article URL: https://www.sciencedirect.com/science/article/pii/S0167404825001877
Multi-dimensional assessment for Android application security based on users’ evaluation
With the increasing number of Android applications, the problem of malicious behavior in Android applications is growing. Some applications are hostile by design, and others collect excessive information during use and behave in ways the user does not expect. Existing application security detection methods include static and dynamic analysis, with limitations such as reliance on a single detection method, poor integration between methods, and failure to consider user expectations. Therefore, based on the behavior of the Android application, this paper proposes a comprehensive mobile application detection mechanism combining static analysis, dynamic analysis, and users' subjective expectations. This paper introduces permission relevancy in static detection to improve the granularity of permission-based static detection. Moreover, historical confidence in dynamic analysis quantifies the applications' behavioral characteristics and compensates for its low efficiency. Static analysis can guide the dynamic analysis and improve accuracy and coverage. We introduce subjective expectations for private objects and a comprehensive monitoring mechanism during the assessment process. An experiment based on real-world Android applications is carried out to validate the scheme in this paper. According to the Android application test analysis, the proposed mechanism can quantify and assess software security based on different users' degrees of privacy concern. The experiments demonstrate that our proposed system achieves a recognition rate of 97.27% for identifying malicious behaviors in the test applications. The proposed mechanism is more accurate than static analysis alone, more efficient than dynamic analysis alone, and the degree of danger can be adjusted according to the user's subjective expectations.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.