A Multi-criteria-Based Evaluation of Android Applications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7711)


Android users face the risk of downloading and installing bad applications on their devices. In fact, many applications either hide malware, or their actual behavior does not fully match what the user expects. This happens because, at install time, even if the user is warned of the potential security threat posed by the application, she often skips this alert message. On Android this is due to the complexity of the permission system, which can be tricky to fully understand.

We propose a multi-criteria evaluation of Android applications that helps the user easily understand the trustworthiness degree of an application, from both a security and a functional perspective. We validate our approach by testing it on more than 180 real applications found on both official and unofficial markets.







Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. Dipartimento di Ingegneria dell'Informazione, Università di Pisa, Italy
  2. Istituto di Informatica e Telematica, CNR, Pisa, Italy
