A Proposal of Security Advisory System at the Time of the Installation of Applications on Android OS

On an Android-powered device, security rests on a declaration model: when an application is installed, it declares the functions and other information that it will use, and the user reviews the declaration and approves or rejects it. The problem is that it is difficult for users to fully understand the details of a declaration, and careless users may neglect the approval process. In particular, when a combination of multiple functions is involved, users who are unfamiliar with the technical details cannot realistically evaluate the risk. In this paper, we propose a system model that supports the user's approval decision when an application is installed. Our system introduces reputation-based security evaluation and also employs original analyses of permission combinations associated with malicious applications. We describe an implementation of the proposed system. Its interface follows a user-centered design that is especially suitable for users who are unfamiliar with technical details. We evaluate our system with human subjects, measuring the time and precision with which they distinguish malware from innocent applications. As a result, we confirmed that our proposed system is considerably effective for distinguishing malware when an application is installed.