AI and Its Risks in Android Smartphones: A Case of Google Smart Assistant

This paper intends to highlight the risks of AI in Android smartphones. In this regard, we perform a risk analysis of Google Smart Assistant, a state-of-the-art, AI-powered smartphone app, and assess the transparency of its risk communication to users and of its implementation. Android users rely on the transparency of an app’s descriptions and Permission requirements to evaluate its risk, and many risk evaluation models consider the same factors while calculating app threat scores. Further, different risk evaluation models and malware detection methods for Android apps use an app’s Permissions and API usage to assess its behavior. Therefore, in our risk analysis, we assess Description-to-Permissions fidelity and Functions-to-API-Usage fidelity in Google Smart Assistant. We compare Permission and API usage in Google Smart Assistant with those of four leading smart assistants and discover that Google Smart Assistant has unusual permission requirements and sensitive API usage. Our risk analysis finds a lack of transparency in the risk communication and implementation of Google Smart Assistant. This lack of transparency may make it impossible for users to assess the risks of this app. It also makes some of the state-of-the-art app risk evaluation models and malware detection methods ineffective.
