{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T10:44:13Z","timestamp":1776681853313,"version":"3.51.2"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2022,7,29]],"date-time":"2022-07-29T00:00:00Z","timestamp":1659052800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,7,29]],"date-time":"2022-07-29T00:00:00Z","timestamp":1659052800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["813162"],"award-info":[{"award-number":["813162"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Data Sci. Eng."],"published-print":{"date-parts":[[2022,9]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Mobile apps represent essential tools in our daily routines, supporting us in almost every task. However, this assistance might imply a high cost in terms of privacy. Indeed, mobile apps gather a massive amount of data about individuals (e.g., users\u2019 profiles and habits) and their devices (e.g., locations), where not all are strictly needed for app execution. According to privacy laws, apps\u2019 providers must inform end-users on adopted data usage practices (e.g., which data are collected and for which purpose). Unfortunately, understanding these practices is a complex task for average end-users. The result is that they install apps without understanding their privacy implications. To support users in making more privacy-aware decisions on app usage, we propose a risk estimation approach based on an analysis of the app\u2019s code. This analysis adopts a hybrid strategy, exploiting static and dynamic code analyses. Static analysis aims at discovering which personal data an app is collecting to determine whether the target app is asking more than required. This gives the first estimation of the app\u2019s risk level. In addition, we also perform a dynamic analysis of the target app\u2019s code. This further analysis helps determining whether the collected personal data is consumed locally on the mobile device or sent out to external services. If this happens, the risk level has to be increased, as personal data are more exposed. To prove the proposal\u2019s effectiveness, we run several experiments involving different groups of participants. The obtained accuracy results are promising and outperform those obtained with static analysis only.<\/jats:p>","DOI":"10.1007\/s41019-022-00189-1","type":"journal-article","created":{"date-parts":[[2022,7,29]],"date-time":"2022-07-29T17:25:52Z","timestamp":1659115552000},"page":"242-252","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["A Risk Estimation Mechanism for Android Apps based on Hybrid Analysis"],"prefix":"10.1007","volume":"7","author":[{"given":"Ha Xuan","family":"Son","sequence":"first","affiliation":[]},{"given":"Barbara","family":"Carminati","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7312-6769","authenticated-orcid":false,"given":"Elena","family":"Ferrari","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,7,29]]},"reference":[{"key":"189_CR1","first-page":"327","volume":"35","author":"KA Bamberger","year":"2020","unstructured":"Bamberger KA (2020) Can you pay for privacy? consumer expectations and the behavior of free and paid apps. Berkeley Tech LJ 35:327","journal-title":"Berkeley Tech LJ"},{"issue":"6","key":"189_CR2","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1109\/MSEC.2019.2938445","volume":"17","author":"N Momen","year":"2019","unstructured":"Momen N, Hatamian M, Fritsch L (2019) Did app privacy improve after the GDPR? IEEE Secur Priv 17(6):10\u201320. https:\/\/doi.org\/10.1109\/MSEC.2019.2938445","journal-title":"IEEE Secur Priv"},{"key":"189_CR3","unstructured":"Reardon J (2019) 50 ways to leak your data: An exploration of apps\u2019 circumvention of the android permissions system. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 603\u2013620"},{"key":"189_CR4","doi-asserted-by":"crossref","unstructured":"Son HX, Carminati B, Ferrari E (2021) A risk assessment mechanism for android apps. In: 2021 IEEE International Conference on Smart Internet of Things (SmartIoT), pp. 237\u2013244. IEEE","DOI":"10.1109\/SmartIoT52359.2021.00044"},{"key":"189_CR5","unstructured":"Chandrasekaran D, Mago V (2020) Evolution of semantic similarity\u2013a survey. In: arXiv preprint arXiv:2004.13820"},{"key":"189_CR6","doi-asserted-by":"crossref","unstructured":"Wu Z, Palmer M (1994) Verb semantics and lexical selection. In: arXiv preprint cmp-lg\/9406033","DOI":"10.3115\/981732.981751"},{"issue":"4","key":"189_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3287051","volume":"2","author":"H Jin","year":"2018","unstructured":"Jin H (2018) Why are they collecting my data? inferring the purposes of network traffic in mobile apps. Proc ACM Interact Mob Wear Ubiquitous Technol 2(4):1\u201327","journal-title":"Proc ACM Interact Mob Wear Ubiquitous Technol"},{"key":"189_CR8","unstructured":"Sachdev SB, Verma HV (2004) Relative importance of service quality dimensions: A multisectoral study. J Services Res 4(1)"},{"key":"189_CR9","doi-asserted-by":"crossref","unstructured":"Sarma BP (2012) Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 13\u201322","DOI":"10.1145\/2295136.2295141"},{"key":"189_CR10","doi-asserted-by":"crossref","unstructured":"Peng H (2012) Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 241\u2013252","DOI":"10.1145\/2382196.2382224"},{"key":"189_CR11","doi-asserted-by":"crossref","unstructured":"Wu Z, Chen X, Lee SU-J (2020) Fcdp: Fidelity calculation for description-to-permissions in android apps. IEEE Access","DOI":"10.1109\/ACCESS.2020.3047019"},{"key":"189_CR12","doi-asserted-by":"crossref","unstructured":"Chia PH (2012) Is this app safe? a large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web, pp. 311\u2013320","DOI":"10.1145\/2187836.2187879"},{"key":"189_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101685","volume":"89","author":"O Olukoya","year":"2020","unstructured":"Olukoya O, Mackenzie L, Omoronyia I (2020) Security-oriented view of app behaviour using textual descriptions and user-granted permission requests. Comput Secur 89:101685","journal-title":"Comput Secur"},{"key":"189_CR14","doi-asserted-by":"crossref","unstructured":"Felt AP (2011) Android permissions demystified. In: 18th ACM Conference on Computer and Communications Security, pp. 627\u2013638","DOI":"10.1145\/2046707.2046779"},{"key":"189_CR15","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.future.2020.02.002","volume":"107","author":"M Alazab","year":"2020","unstructured":"Alazab M (2020) Intelligent mobile malware detection using permission requests and api calls. Future Gener Comput Syst 107:509\u2013521","journal-title":"Future Gener Comput Syst"},{"key":"189_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110533","volume":"163","author":"J Xiao","year":"2020","unstructured":"Xiao J (2020) An android application risk evaluation framework based on minimum permission set identification. J Syst Softw 163:110533","journal-title":"J Syst Softw"},{"issue":"2","key":"189_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck W (2014) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans Comput Syst (TOCS) 32(2):1\u201329","journal-title":"ACM Trans Comput Syst (TOCS)"},{"key":"189_CR18","doi-asserted-by":"crossref","unstructured":"Simon L et al. (2016) Don\u2019t interrupt me while i type: Inferring text entered through gesture typing on android keyboards. Priv Enhancing Technol, 136\u2013154","DOI":"10.1515\/popets-2016-0020"},{"key":"189_CR19","unstructured":"Commission FT et al. (2016) Mobile advertising network inmobi settles ftc charges it tracked hundreds of millions of consumers\u2019 locations without permission. In: press release (June 22), https:\/\/tinyurl.com\/h83c2be"},{"key":"189_CR20","doi-asserted-by":"crossref","unstructured":"Backes M (2016) Reliable third-party library detection in android and its security applications. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 356\u2013367","DOI":"10.1145\/2976749.2978333"},{"key":"189_CR21","doi-asserted-by":"crossref","unstructured":"Wang H (2015) Wukong: A scalable and accurate two-phase approach to android app clone detection. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis, pp. 71\u201382","DOI":"10.1145\/2771783.2771795"},{"key":"189_CR22","doi-asserted-by":"crossref","unstructured":"Zhang X (2020) Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware. In: Proceedings of the Conference on Computer and Communications Security, pp. 757\u2013770","DOI":"10.1145\/3372297.3417291"},{"key":"189_CR23","unstructured":"Zhu S (2020) Measuring and modeling the label dynamics of online anti-malware engines. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2361\u20132378"},{"issue":"3","key":"189_CR24","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s11416-019-00332-z","volume":"15","author":"AK Singh","year":"2019","unstructured":"Singh AK et al (2019) Experimental analysis of android malware detection based on combinations of permissions and api-calls. J Comput Virol Hacking Tech 15(3):209\u2013218","journal-title":"J Comput Virol Hacking Tech"},{"key":"189_CR25","doi-asserted-by":"publisher","first-page":"21235","DOI":"10.1109\/ACCESS.2019.2896003","volume":"7","author":"Z Ma","year":"2019","unstructured":"Ma Z (2019) A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7:21235\u201321245","journal-title":"IEEE Access"},{"issue":"1","key":"189_CR26","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/s10586-016-0703-5","volume":"21","author":"Y Yang","year":"2018","unstructured":"Yang Y (2018) Droidward: an effective dynamic analysis method for vetting android applications. Cluster Comput 21(1):265\u2013275","journal-title":"Cluster Comput"},{"key":"189_CR27","doi-asserted-by":"crossref","unstructured":"Yuan Z (2014) Droid-sec: deep learning in android malware detection. In: Proceedings of ACM Conference on SIGCOMM, pp. 371\u2013372","DOI":"10.1145\/2740070.2631434"},{"key":"189_CR28","doi-asserted-by":"crossref","unstructured":"Sch\u00fctte J (2015) Condroid: Targeted dynamic analysis of android applications. In: 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 571\u2013578. IEEE","DOI":"10.1109\/AINA.2015.238"},{"issue":"2","key":"189_CR29","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2478\/popets-2020-0017","volume":"2020","author":"A Shuba","year":"2020","unstructured":"Shuba A, Markopoulou A (2020) Nomoats: towards automatic detection of mobile tracking. Proc Priv Enhancing Technol 2020(2):45\u201366","journal-title":"Proc Priv Enhancing Technol"},{"key":"189_CR30","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1016\/j.future.2020.09.006","volume":"115","author":"O Yurekten","year":"2021","unstructured":"Yurekten O, Demirci M (2021) Sdn-based cyber defense: a survey. Future Gener Comput Syst 115:126\u2013149","journal-title":"Future Gener Comput Syst"},{"key":"189_CR31","doi-asserted-by":"crossref","unstructured":"Gajrani J (2020) Effectiveness of state-of-the-art dynamic analysis techniques in identifying diverse android malware and future enhancements. In: Advances in Computers vol. 119, pp. 73\u2013120. Elsevier,","DOI":"10.1016\/bs.adcom.2020.03.002"},{"key":"189_CR32","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1016\/j.ins.2019.09.024","volume":"511","author":"W Wang","year":"2020","unstructured":"Wang W (2020) Botmark: automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors. Inf Sci 511:284\u2013296","journal-title":"Inf Sci"},{"key":"189_CR33","doi-asserted-by":"crossref","unstructured":"Zheng C (2012) Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 93\u2013104","DOI":"10.1145\/2381934.2381950"},{"key":"189_CR34","doi-asserted-by":"crossref","unstructured":"Devecsery D (2018) Optimistic hybrid analysis: Accelerating dynamic analysis through predicated static analysis. In: 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 348\u2013362","DOI":"10.1145\/3296957.3177153"},{"key":"189_CR35","doi-asserted-by":"crossref","unstructured":"Palit T (2021) Dynpta: Combining static and dynamic analysis for practical selective data protection. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1919\u20131937 . IEEE","DOI":"10.1109\/SP40001.2021.00082"},{"issue":"1","key":"189_CR36","doi-asserted-by":"publisher","first-page":"1055","DOI":"10.1007\/s10586-017-1260-2","volume":"22","author":"NT Cam","year":"2019","unstructured":"Cam NT (2019) Detecting sensitive data leakage via inter-applications on android using a hybrid analysis technique. Cluster Comput 22(1):1055\u20131064","journal-title":"Cluster Comput"},{"key":"189_CR37","doi-asserted-by":"crossref","unstructured":"Ali-Gombe AI (2018) Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. Comput Secur 73, 235\u2013248","DOI":"10.1016\/j.cose.2017.11.006"},{"issue":"24","key":"189_CR38","doi-asserted-by":"publisher","first-page":"35713","DOI":"10.1007\/s11042-019-07899-1","volume":"78","author":"G Shrivastava","year":"2019","unstructured":"Shrivastava G, Kumar P (2019) Sensdroid: analysis for malicious activity risk of android application. Multimed Tools Appl 78(24):35713\u201335731","journal-title":"Multimed Tools Appl"},{"key":"189_CR39","doi-asserted-by":"crossref","unstructured":"Hou S, Ye Y, Song Y, Abdulhayoglu M (2017) Hindroid: An intelligent android malware detection system based on structured heterogeneous information network. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1507\u20131515","DOI":"10.1145\/3097983.3098026"},{"key":"189_CR40","doi-asserted-by":"crossref","unstructured":"Ye Y, Hou S, Chen L, Lei J, Wan W, Wang J, Xiong Q, Shao F (2019) Out-of-sample node representation learning for heterogeneous graph in real-time android malware detection. In: 28th International Joint Conference on Artificial Intelligence (IJCAI)","DOI":"10.24963\/ijcai.2019\/576"},{"key":"189_CR41","doi-asserted-by":"crossref","unstructured":"Fan Y, Ju M, Hou S, Ye Y, Wan W, Wang K, Mei Y, Xiong Q (2021) Heterogeneous temporal graph transformer: An intelligent system for evolving android malware detection. In: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, pp. 2831\u20132839","DOI":"10.1145\/3447548.3467168"},{"key":"189_CR42","doi-asserted-by":"publisher","first-page":"689","DOI":"10.1007\/978-981-10-0557-2_68","volume-title":"Information Science and Applications (ICISA) 2016","author":"NT Cam","year":"2016","unstructured":"Cam NT (2016) Android security analysis based on inter-application relationships. Information Science and Applications (ICISA) 2016. Springer, Singapore, pp 689\u2013700"}],"container-title":["Data Science and Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s41019-022-00189-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s41019-022-00189-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s41019-022-00189-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,8]],"date-time":"2022-09-08T17:14:11Z","timestamp":1662657251000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s41019-022-00189-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,29]]},"references-count":42,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,9]]}},"alternative-id":["189"],"URL":"https:\/\/doi.org\/10.1007\/s41019-022-00189-1","relation":{},"ISSN":["2364-1185","2364-1541"],"issn-type":[{"value":"2364-1185","type":"print"},{"value":"2364-1541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,29]]},"assertion":[{"value":"8 April 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 June 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 July 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 July 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}