Abstract
Android applications pose many security risks that affect the security and privacy of their users. Adversaries construct different types of malicious applications and use different social engineering approaches to attract users to download and trust these applications. Malicious applications usually request permissions that are not related to their main functionality in order to access sensitive information or resources. Most users tend to grant the requested permissions without understanding the potential harm of those applications or how the requested permissions can be misused to compromise their privacy. Therefore, there is a need for a risk assessment model that can inform users about the risk level of the permissions requested by an application, to help them make the right decision on whether to grant or deny a requested permission. This paper proposes Permission Usage and Risk Estimation for Android (PUREDroid) to measure the security risk of Android applications' permissions and the magnitude of harm resulting from granting extraneous permission requests. In an evaluation with more than 25000 applications, including 5773 malware applications and 19242 benign applications, we demonstrate the usefulness and effectiveness of our proposed scoring method.