Automating Trustworthiness Assessment of Mobile Applications
Smartphones have become the information hub for people and organizations. In order to enhance the usability of smartphones, so-called mobile apps are available in app stores for download. Many of these apps are useful for our daily life. However, the current app stores do not provide means to support users in distinguishing “good” (trusted) apps from the “bad” (untrusted) ones considering security & privacy related factors. In this thesis, a system architecture is proposed to automate the trustworthiness assessment of mobile apps from an end-user perspective. We also plan to develop a solution to realize the system that calculates and visualizes the trust score of mobile apps.
Mobile apps are usually downloaded from the application marketplaces, e.g. Google’s Play Store. Researchers have analyzed what apps actually do in the background as well as how some of those apps compromise user’s privacy & security. This lead to a question whether the mobile apps in designated marketplaces can be REALLY trusted with respect to security & privacy requirements of the users.
In this thesis, we want to design and develop a solution to automate the trustworthiness assessment of mobile apps from an end-user perspective.
There are several factors, e.g. number of downloads, user ratings, number of permissions used by the apps, which can be considered for trustworthiness assessment.
The goal of this thesis is to find out various trust factors that can influence the trustworthiness assessment of the apps. In order to automate the assessment process, we will use various machine learning techniques and leverage computational trust methods (CertainTrust/CertainLogic) developed at TK.
People can only identify the “good” apps from the “bad” ones, if the app stores or the smartphones equipped with a component to assess the trustworthiness of the apps before they are downloaded. By applying trust-based assessment methods, more information about the apps will be available to guide users not only in downloading apps of “good” quality but also apps respecting security and privacy factors of the users.
- Sheikh Mahbub Habib (sheikh(a-t)tk.tu-darmstadt.de)
Forschungsgebiete:CYSEC, CROSSING, privacy-trust, Telecooperation , – SPIN: Smart Protection in Infrastructures and Networks, S1