Effective Risk Communication For Android Apps

TO VIEW OUTPUT OF THIS PROJECT CLICK HERE:

ABSTRACT:

The popularity and advanced functionality of mobile devices has made them attractive targets for malicious and intrusive applications (apps). Although strong security measures are in place for most mobile systems, the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device. As our prime example, Android relies on users to understand the permissions that an app is requesting and to base the installation decision on the list of permissions. Previous research has shown that this reliance on users is ineffective, as most users do not understand or consider the permission information. We propose a solution that leverages a method to assign a risk score to each app and display a summary of that information to users.

Results from four experiments are reported in which we examine the effects of introducing summary risk information and how best to convey such information to a user. Our results show that the inclusion of risk-score information has significant positive effects in the selection process and can also lead to more curiosity about security-related information.

EXISTING SYSTEM:

The GPS unit can tell exactly where you are, while the microphone can record audio, and the camera can record images. Additionally, mobile devices are often linked directly to some monetary risks, via SMS messages, phone calls, and data plans, which can impact a user’s monthly bill, or increasingly, as a means to authenticate to a bank or directly link to a financial account through a ‘digital wallet’. In Android an app must request a specific permission to be allowed access to a given resource. Android warns the user about permissions that an app requires before it is installed, with the expectation that the user will make an informed decision. The effectiveness of such a defense depends to a large degree on choices made by the users.

Indeed whether an app is considered too invasive or not may depend on the user’s privacy preference. It presents information which is more technical that is not understandable by the ordinary users.

DISADVANTAGES OF EXISTING SYSTEM:

·       It presents the summary of permissions that the app uses to the user in more abstract way that was not easily understood by the user.

·       Allows the user to install unsecure application that causes damage to the user data.

PROPOSED SYSTEM:

We propose the addition of a summary risk rating for each app. A summary risk rating enables easy risk comparisons among apps that provide similar functionalities. We believe that one reason why current permission information is often ignored by users is that it is presented in a “standalone” fashion and in a way that requires a lot of technical knowledge and time to distill useful information, making comparison across apps difficult. An important feature of the mobile app ecosystem is that users often have choices and alternatives when choosing a mobile app. If a user knows that one app is significantly riskier than another but

provides the same or similar functionality, then this fact may cause the user to choose the less risky one. This will in turn provide incentives for developers to better follow the least-privilege principle and request only necessary permissions. The method can rank the risk of any Android app among all apps available in Google Play, Google’s online market for Android apps. Such a risk ranking can be translated into categorical values such as very low, low, medium, and high risk, to provide a summary risk rating.

ADVANTAGES OF PROPOSED SYSTEM:

·       It present the summary of permissions required for the app in more simple way so that user can ignore unsecure application.

·       It provides comparison of two applications to find out which application is secure than other.

SYSTEM CONFIGURATION:-

HARDWARE REQUIREMENTS:-

ü Processor             -       Pentium –IV

ü Speed                  -       1.1 Ghz

ü RAM                   -       512 MB(min)

ü Hard Disk            -       40 GB

ü Key Board           -       Standard Windows Keyboard

ü Mouse                 -       Two or Three Button Mouse

ü Monitor               -       LCD/LED

SOFTWARE REQUIREMENTS:

•        Operating system    :       Android

•        Coding Language   :       Android SDK

•        Data Base                :       SQLite

•        Tool                        :       Eclipse

REFERENCE:

Christopher S. Gates, Jing Chen, Ninghui Li and Robert W. Proctor “EFFECTIVE RISK COMMUNICATION FOR ANDROID APPS” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 3, MAY-JUNE 2014