Content uploaded by Suzan Anwar
Author content
All content in this area was uploaded by Suzan Anwar on Sep 29, 2020
Content may be subject to copyright.
Proc. of the 2
nd
International Conference on Electrical, Communication and Computer Engineering (ICECCE)
12-13 June 2020, Istanbul, Turkey
978-1-7281-7116-6/20/$31.00 ©2020 IEEE
Security Evaluation of Android Mobile Healthcare
and Fitness Applications
Suzan Anwar
Department of Computer Science
Philander Smith College
Little Rock, Arkansas, USA
sanwar@philander.edu
Department of Computer Science
Salahaddin University
Erbil, Iraq
suzan.anwar@su.edu.krd
Dalya Anwar
Department of Computer Science
Salahaddin University
Erbil, Iraq
dalya.anwar@su.edu.krd
Shereen Abdulla
Department of Computer Science
Ploytech University
Erbil, Iraq
shereebabdulla@epu.edu.krd
Abstract—the biggest risk to the privacy of data and
personal information of Android users that have mobile fitness
and healthcare applications is the unencrypted connection
between the application and an internet server. Another risk is
the potential security threats, brought about because users
often skip the alert message at install time. In this paper, both
the applications and network communication processes are
evaluated. The security part of the application takes place
during downloading and using the applications, then
determining what personal information the applications save in
the local storage inside these devices, comes after. The security
part of network communication includes analyzing the WIFI
communication between the instead application and the
Internet. We try to help Android health and fitness
applications users to easily understand how trustworthy an
application is by proposing a new security evaluation method
based on both multi-criteria evaluations and privacy risks of
an application. Out of the 110 apps found in different markets
which were tested, 51 apps were trusted, 31 apps were
untrusted, and 18 gave a short report to help the user to make
a decision about installing the application or not
Keywords— Android Mobile , Healthcare and Fitness,
MATLAB, Analytical Hierarchy Process
I. I
NTRODUCTION
The behaviors of many Android healthcare and fitness
applications cannot be expected and so, the users may
download some bad applications on their devices. face the
risk of downloading and installing bad apps on their devices.
These health care applications interfere with and threaten the
data and network security of users’ devices. There are a lot
of reasons for these threats, like skipping the alert message
(permissions) that are displayed at the time of the
application’s installation, which may be tricky to fully
understand. Another reason is that the communications
between the installed application and the Internet server does
not encrypted network connections, to provide a privacy for
user’s personal information when sent over these network
connections. In this paper MATLAB software is used for
multi criteria security evaluation of Android fitness and
healthcare apps, to help Android device user to make
informed decisions on installing an application, depending
on the result that the software will produce. Also, this paper
will help Android users to understand how trustworthy the
health and fitness applications they install are.
As shown in figure 1, the algorithm of the proposed method
consists of two parts; the first part is to evaluate the security
side of the apps, especially data and network (connection).
The second part is to build the MATLAB software that
computes the Analytical Hierarchy Process (AHP). AHP is a
popular methodology for multi-criteria decisions, that is used
for classifying Android fitness and healthcare applications to
according to the scores of the threating after installing and
using the apps.
Fig. 1. The Block Diagram for the Proposed Method
In this paper, a privacy evaluations of Android device
healthcare and fitness applications is presented. In detail, we
make the following contributions.
Firstly, we test and evaluate the security side of Android
health and fitness applications,
Secondly, we help the users of Android healthcare and
fitness applications to make the right decision regarding
downloading the application or not.
Thirdly, we build MATLAB software with a complete
manual on how to use the software.
Finally, we put the hope that at the end of the paper, many
of the Android Health and Fitness apps that have been tested
and analyzed to be updated or take out from the google store
or another marketplace.
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
The paper is organized as following: In section 2 some
related works are pointed, these works concerning the
permission in Android and connection security system.
Section 3 explains the methodology to measure the danger
and threat score of the application and recalls the AHP
methodology. Section 4 states the outcomes of this paper’s
method and show some tested cases. And Section 5 briefly
concludes the proposed method and the result.
II. R
ELATED
W
ORK
A method to evaluate Android applications is proposed to
assist the user to understand the threat score and trust level of
an application, from both a functional and a security point of
view [1]. In this paper we used the same tool, the AHP to
evaluate Android health care and fitness applications. A
security framework proposed by Enck et, al. in which the
action of Android applications is regulated by introducing
the definition of concerning permission, security rules, and
operation precedence. Furthermore, a specification language
is used by adding some new rules [2]. There is now a finer
grained model presented for the Android permission system.
The framework, TISSA, is proposed by Zhou et, al., and the
Android system is modified in order to give the user the
ability to select the necessary permissions to install the
applications and these must be denied[3]. Nauman et, al.
presented work like TISSA. They designed an improved
application installer that grant the definition of three polices
for each permission before installing any Android
application. The policies are allowed, deny, or conditional
allow. A customized policy is defined by the policy called
conditional allow, at the end it is the user’s decision to install
the application or not [4]. Barrera et, al. classified the
applications based on the required permissions. Android
applications have been classified into functional clusters
based on their self-organizing map, by proving that all
applications having same set of permissions should have
similar functionalities [5].
Felt et, al. analyzed Android permissions and discussed a
tool, Stowaway, where the errors over definitions
permissions are discovered during the installation of any
Android Application. This tool was able to analyze about
85% of Android’s functions, the tool showed a superior use
with private applications by returning a mapping between
functions and permissions [6]. In this paper, we also analyze
Android health care and fitness application permissions by
assigning points according to the effect each application has
on users’ personal data, money, and device. Mylonas et, al.
discussed the privacy awareness of users during the
applications installation from the markets such as google and
explore whether users can access the security of an
application and be trusted to grant the access. [7]. In this
paper we tested applications from different markets like
Google play store, official market, and unofficial market.
Wangner et, al, analyzed a set of Android’s comments on
markets such as google paly and review users concerned
regarding the security and permissions in these comments.
As a result, 1% of user’s comments included references to
Android application permissions. Hence, MAETROID
framework is needed to analyze the permission of the
applications[8]. Oreschot et, al, addressed the security issues
detected by some unofficial Android application markets. A
framework that leverage application meta data is presented in
order to detect malicious applications coming from unofficial
markets. A kill-switch is implemented by the proposed
framework to uninstall any detected malicious applications
from Android mobiles that install it, this feature extended to
unofficial markets [9].
The overall security level represented in a security score is
demonstrated as an application for a system security
evaluation in [17]. In [18] threats brought by unofficial
Android marketplaces, and malicious distribution are
evaluated over three main regions. Android Debug Bridge
(ADB) shell is used to emulate fake data from touchscreen
and hardware buttons [19].
III. P
ROPOSED METHOD
The algorithm consists of two parts; in the first part we
evaluate the security side of the healthcare and fitness
application, especially data and network (connection). In
order to do that, the network communication between the
Internet and Android applications has been watched by
putting a laptop in the middle. We used Intercepter NG
software as a man-in the- middle which allows applications
to execute on the devices without any modifications. For data
security assessment the data that was stored by the apps has
been analyzed by using WireShark software. In the second
part, we built the MATLAB software that computed the
Analytical Hierarchy Process (AHP). AHP is a decision
maker tool for multi-criteria problems, that uses the threat
score to classify applications. The threat score includes the
permissions that the application needs to be installed and the
results of the first stage (data security) and some other
criteria. The criteria are market, no. of downloads, user rate,
and developer for each application. The danger score is
assigned for each health and fitness application. According to
the result of watching the packet that has been sniffed by
Intercepter, NG software, and monitoring the traffic
(HTTP/HTTPS) by WireShark, the danger score will result
in 1 or 0. A threat score is assigned to the permission based
on the criticality of both critical operations they control and
their resources. To compute and assigned the global threat
score for each application, we found the summation of a
function of the threat score of all the required permissions
and the danger score. Finally, the AHP is derived from the
global threat score. We divided the two parts of the proposed
method into five stages these stages are:
A. Application Installing Stage
In this stage we installed the selected application and
recorded the permissions for each application, then saved it
in a Microsoft Word Document. For example, the application
Noom Walk is one of Android’s health and fitness
applications; during the application installation we obtained
the following information regarding the Noom Walk
application and recorded it into a Word Document.
Name: Noom Walk
Permissions: Identity, Contacts, and Photos
No. of Download: 400000
User Rate: 4.1
Developer: Top Developer
Market: Google
B. Application Usage Stage
In this stage we used the application by creating an
account that included a username and password, if the
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
application required us to do so. We also entered some
personal health or fitness information
C. Network Connection Security Testing Stage
In this stage we used Intercepter NG software which is
the well-known Wi-Fi Packet Sniffer Android Application. It
can be installed from the Google Play store. Intercepter-
NG is a allows sniffing both wired and wireless traffic during
application’s installation, display account information’s such
as username and password, steal cookies, and URL of sites
visited. Intercepter NG allows a developer to display all
HTTP and SSL/HTTPS traffic between the Internet and their
machine. This includes responses, requests, and the HTTP
headers (which contain the caching information and cookies)
[10]. We used Intercepter NG to sniff the packages during
using the application and saved them in a capture file (.cap).
In this paper, Intercepter NG was used to monitor the
network traffic between the Internet and healthcare and
fitness applications via Dell laptop as a man in the middle
and act as a bridge for users personal information between
the Internet and the applications as shown in figure 2. The
data captured by Intercepter NG is used via the low-level
tools WireShark, a tool that is used to analyze network also,
known as Ethereal, it is a real time packets capture to display
these packets in human readable format. Wireshark consists
of color coding, filters, and other features that let users watch
the network traffic and inspect individual packets [11].
Wireshark is an open-source and free packet sniffer. This
open source network packet sniffer is one of the well-known
packets sniffing freeware in the world. It is a packet sniffer
platform that performs on both Windows as well as UNIX.
One of the best features of Wireshark packet sniffer is that it
has a friendly GUI (Graphical User Interface) that makes it
extremely easy to setup and use. Apart from that, tons of
resources, including videos, to learn how to install, use and
analyze data via Wireshark is available in WireShark’s
website [12]. We opened the trace file (. Cap) using
WireShark to see if application using an encrypted network
connection to send user’s personal information. If the
application used an encrypted network connection, we
assigned danger score to 0. Otherwise we assigned the
danger score to 1. WireShark is used to look at the network
packets during the installation and the using of the
application.
Fig. 2 Network Connection Between Application and Internet Security
Testing
D. Global Threat Score Testing Stage
Currently, Android defines more than 120 permissions,
where the permission is related to a specific device resource
or to a critical operation that can possibly be exploited to
harm the user privacy, money, or the device itself.
AndroidMainfest.xml file includes the declaration of all
permissions required by an installed application, this file is a
part the application and it is bound by its digital signature.
Android permissions are classified into four classes:
dangerous, signature, dangerous, signature-or-system, and
normal [13]. This paper focused on the first two classes,
because they are shown at install-time and ask user to accept
them. The dangerous permissions are shown automatically to
the user, while the normal permissions are listed in a separate
sub list addressed as “Other Permissions”. For the criteria
like threat score and danger score, the points assigned for
each application as shown in table 1. We defined three threat
indexes for each permission. These indexes are privacy threat
in which the permissions that control the access to sensitive
data, e.g. the user’s stored files, contact list, SIM, and
Internet bookmarks have a high value of this. Second threat
is system threat we assigned high value to applications
accessing system data e.g. permissions that allows the
application to install and uninstall applications, write to the
device memory, or access sensors whose improper use can
leak the battery energy. Third threat index is money threat,
we assigned high value to application with permissions that
control services whose use directly imply a money cost, such
outgoing SMS or phone calls. These three threats are defined
in the interval [0; 1], where 1 means the highest threat and 0
means no threat as shown in table 1. We have assigned these
three threat values manually for each application permission,
according to the resources, actions, or controlled by that
specific permission. The threat indexes assigned for
permission contact is shown in table 2. For each application
we compute the global threat score g using equation 1.
g=
=
++
n
i
MiSiPi
1
(1)
Where n is the number of permissions declared by the
application and P, S, M are, the privacy, system, money
threat of the permission required by application, respectively.
We consider applications with g lower than 4 as low threat
applications, while ones with g in the interval [4, 7] are
moderate applications, and those with g greater than 7 are
high threat applications. For example, the permission
Contact allows Noom Walk application to reach user’s
personal data in contact phone number and may call anyone
in the contact list. The global threat score g for permission
Contact is 2.
TABLE 1.
A
SSIGNING
T
HREAT
S
CORE
P
OINTS FOR AN
A
PPLICATION
Criteria Rule Point Comment
Threat
Score
permissions 0 No Threat Asking user to accept the
access to some resources
during the app. installation
0.2 Low
0.4 Low to
Moderate
0.6 Moderate
0.8 Moderate
to High
1 High
Danger 0 Low Obtain by NG and
WireShark apps results
1 High
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
TABLE 2.
T
HREAT
L
EVEL OF
C
ONTACT
P
ERMISSION
Permission P
Threat
S
Threat
M
Threat
g
Contact 1 0 1 2
E. Analytical Hierarchy Process AHP Calcualtion
The Analytic Hierarchy Process (AHP) is a multi-criteria
decision-making technique, which has been largely used in
several fields of study. Given a decision problem, where
several different alternatives can be chosen to reach a goal,
AHP returns the most relevant alternative with respect to a
set of previously established criteria. This approach requires
subdividing a complex problem into a set of sub-problems,
equal in number to the chosen criteria, and then computing
the solution (alternative) by properly merging the various
local solutions for each sub-problem [14]. Analytic
Hierarchy Process helped us to follow decision making best
practices. It is not the only MCDM methodology, but AHP
gave us a powerful, yet simple way to organize our criteria
into an intuitive hierarchy (instead of basic list), and then to
prioritize those criteria. Figure 3 shows the generic AHP
hierarchy.
Fig.3. Generic AHP Hierarchy
Once the hierarchy is built, the relevance of each
alternative with respect to each criterion is established,
comparing them in a pairwise fashion. Comparisons are done
through a scale of numbers typical to AHP as shown in table
3. The scale indicates how many times an alternative is more
relevant than another one, with respect to a specific criterion.
Pairwise comparisons for each criterion are expressed in a
matricidal form, called pairwise comparison matrices. A
pairwise comparisons matrix M is a square matrix n*n
(where n is the number of alternatives), which has positive
entries and it is reciprocal, i.e. for each element aij , aij = 1/
aji . For comparisons matrices the concept of consistence is
defined. A comparison matrix of size n*n is consistent if
ai,j.aj,k = ai,k, for all (i; j; k). If a comparison matrix is
consistent, the pairwise comparisons are well related
between them [15]. However, it is difficult to obtain
perfectly consistent matrices using empirically defined
comparisons. AHP requires that comparisons matrices be
semi-consistent. To measure the consistency of a comparison
matrix, the consistency index CI = Lemdamax-n/ n-1. For a
consistent matrix CI = 0, whilst a matrix is considered semi-
consistent if CI < 0.1. If this condition does not hold, the
comparisons matrix should be re-evaluated [16]. The AHP
decision methodology is built to assess the quality of an
Android health care and fitness application form security
side as follows: given an Android application with the
following parameters: a global threat score computed from
previous stage, a developer, a number of download, a
market, a user rating, then the goal consists in assigning to
the application one the following alternative labels:
Trusted: This alternative means that the application
correctly works and should not affect badly on device's
security.
Untrusted: This alternative means that, even if apparently
working as the user expects from a Security perspective, the
application could violate the security of the mobile device.
Short Report: This alternative means that the application is
moderated secure in this case the software will produce a
short report and let the user decide. The possible values for
each criterion are shown in table 4 which also gives a brief
explanation about where to get these values.
TABLE 3.
F
UNDAMENTAL
S
CALE FOR
AHP
Intensity Definition Explanation
1 Equal Two elements contribute equally to the
objective
3 Moderate One element is slightly more relevant
than another
more relevant over another
5 Strong One element is strongly more relevant
over another
7 Very Strong One element is very strongly more
relevant over another
9 Extreme One element is extremely more relevant
over another
TABLE 4.
A
SSIGNING
V
ALUES FOR EACH
C
RITERION
Criteria values Comment
No. of
Download
(Million)
10+ Available in application's install page.
8+
6+
4+
2+
1+
User Rate 5 Available in application's install page.
4
3
2
1
Developer Standard Available in application's install page.
Top
Developer
Google
Market Manual Where to install the application from
Unofficial
Google
Threat Score <4 Points of network connection security
+permissions
>=4 and
<=7
>7
The comparison matrixes are created by compare
between each criterion with all others. Table 5 shows the
comparisons matrices between each criterion, these matrixes
are used to build the MATLAB AHP software to classify the
application. The values are given according to table 3.
According to table 5 the comparison matrix will be:
Comparison Matrix= [1 9 9 9 9;
1/9 1 1/7 1/5 1/8;
1/9 7 1 3 1/3;
1/9 5 1/3 1 1;
1/9 8 3 1 1];
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
TABLE 5.
T
HE
C
OMPARISONS
M
ATRICES FOR
P
APER
’
S
C
RITERIA
Criteria1 Criteria2 Comment
Threat Score No. of
Download
Criteria 1 is 9 times more important
than Criteria2
User Rate Criteria 1 is 9 time more important
than Criteria2
Developer Criteria 1 is 9 times more important
than Criteria2
Market Criteria 1 is 9 times more important
than Criteria2
No. of
Download
User Rate Criteria 2 is 7 times more important
than Criteria1
Developer Criteria 2 is 5 times more important
than Criteria1
Market Criteria 2 is 8 times more important
than Criteria1
User Rate Developer Criteria 1 is 3times more important
than Criteria2
Market Criteria 2 is 3 times more important
than Criteria1
Developer Market Criteria 1 is equal to Criteria2
To compute the local priorities that expresses the
relevance between the alternatives and each criterion. By
giving a comparison matrix, we computed the local priorities
as the normalized eigenvector associated with the largest
eigenvalue. To computer the global priorities GP of
alternative (a) we applied equation 2.
GP =
=
k
j
ajCj
1
.
(2)
Where k is number of criteria, Cj is the local priority of
jth criterion, and (a) is the local priority of jth alternative.
IV. R
ESULTS
A. Selected Healthcaare and Fitness Applications
been chosen according to following criteria:
• Most Popular Applications that have many
downloads and user rate.
• Free Apps.
• Apps does not need external device.
Apps developed for consumer use.
B. AHP Calculation Result
The priorities are derived for the criteria in terms of their
importance to achieve the goal, and the performance of the
alternatives on each criterion. These priorities are ranked
based on pair-wise assessments using judgments and ratios
of measurements from a scale. We found the ratio of each
criterion and its sub criteria as shown in table 6.
TABLE 6.
T
HE
R
ATIOS FOR EACH
C
RITERION AND ITS
S
UB
C
RITERIA
Threat
Score
65.04%
No. of
Download
2.49%
User rate
10.84
Developer
7.7
Market
13.93
<4
45.2398%
10+
0.927%
1
0.567%
Top
Developer
6.05%
Manual
1.61%
>=4,<=7
14.8982%
8+
0.720%
2
1.03%
Google
1.28%
Un
Official
2.3%
>7
4.9062%
6+
0.424%
3
1.40%
Standard
0.351%
Google
9.93%
4+
0.238%
4
3.30%
2+
0.1064
5
4.44%
1+
0.075%
C. MATLAB Software
In order to help the user to use the testing software, we
create a (.m) file called start contains the instruction about
how to use the software. Two MATLAB’s .m files (TEST.m
and AndroidAppTEST.m) are created for computing AHP
and Test the application, respectively. For example, to test on
“Google Fit” application, the user simply writes
AndroidAppTest(‘Google Fit’) in MATLAB command line.
The result of testing “Google Fit a” and “Lose It” are shown
in figures 5 and 6 respectively.
Fig4. The Result of Testing “Google Fit” Application
Fig5. The Result of Testing “Lose It” Application
D. Application Testing Results
We tested 110 applications. 100 applications from
Google play store, 5 form official market, and 5 installed
manually. During the test we used Samsung Galaxy S4
phone, with 32GB of RAM, and operated by Android 4.4.2
operating system. The man in the middle was DELL inspire
7374 with an Intel core i7, 1.8 GHz, 8 GB RAM, and
operated by Windows 8.1. The result of the test is shown in
figure 4. 51 Applications are trusted all of them form Google
play store, 31 applications are untrusted form Google play
store and 2 installed manually, the rest 26 applications, give
a short report to help the user to make a decision as shown in
figure 7.
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
Fig. 6. The Result of Testing 110 Healthcare and Fitness Applications
V. C
ONCLUSION
In this paper we have presented a security evaluation and
risk privacy of Android Health care and Fitness applications
by testing the network connection between the application
and Internet, computing the threat and danger score for each
application, and finally applying PHA to give the best
decision. We have proposed a system to compute the threat
score of a health care and fitness application according to the
application’s declared permissions and monitoring the
connection traffic between the application and Internet. The
proposed decision-making procedure combines the threat and
danger score with information regarding the developer, the
rating, the market, and the number of downloads of the
application. We built a MATLAB software for AHP tools
that receives the name of the application as an input and
gives a message, signaling if the application is trusted or not.
We tested 110 applications, most of them from Google Play
Store, and we found that about 50% of the applications were
trusted to be installed.
R
EFERENCES
[1] G. Dini, F. Martinelli, I. Matteucci, M. Petrocchi, A. Saracino, D.
Sgandurra, “A Multi-Criteria Based Evaluation of Android
Applications,” in 4th International Conference on Trusted Systems,
InTrust 2012. Springer-Verlag, December 2012.
[2] W. Enck, M. Ongtang, P. McDaniel, “On Lightweight Mobile Phone
Application Certification,” in 16th ACM conference on Computer and
Communications Security (CCS’09). ACM, November 2009, pp. 235
– 254.
[3] Y. Zhou, X. Zhang, X. Jiang, V. W. Freeh, “Taming information-
stealing smartphone applications (on android),” in 4th International
Conference on Trust and Trustworthy Computing (TRUST 2011),
June 2011.
[4] M. Nauman, S. Khan, X. Zhang, “Apex: Extending Android
Permission Model and Enforcement with User-defined Runtime
Constraints,” in 5th ACM Symposium on Information Computer and
Communication Security (ASIACCS’10). ACM, April 2010.
[5] D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji, “A
Methodology for Empirical Analysis of Permission-Based Security
Models and its Application to Android,” in 17th ACM Conference on
Computer and Communications Security (CCS’10. ACM, October
2010.
[6] A.P. Felt, E. Chin, S. Hanna, D. Song, D. Wagner, “Android
Permissions Demystified.” in 8th ACM conference on Computer and
Communications Security (CCS’11). ACM, 2011, pp. 627 – 638.
[7] A. Mylonas, A. Kastania, and D. Gritzalis, “Delegate the
smartphone user? Security awareness in smartphone platforms,”
Computers & Security, vol. 34, no. 0, pp. 47 – 66, 2013. [Online].
Available:
http://www.sciencedirect.com/science/article/pii/S0167404812001733
.
[8] D. Wagner and E. Ha, “Do android users write about electric sheep?
Examining consumer reviews in google play,” in Consumer
Communications and Networking Conference (CCNC), 2013 IEEE,
2013, pp. 149–157.
[9] P. Van Oreschot, D. Barrera, and W. Enck: “Seeding a Security
Enhancing Infrastructure for Multi-market Application Ecosystems,”
in Mobile Security Technologies Workshop (MoST). IEEE, 2012.
[10] http://androidwifihackingapps.com/intercepter-ng/
[11] http://www.howtogeek.com/104278/how-to-use-wireshark-to-
capture-filter-and-inspect-packets/
[12] http://www.ilovefreesoftware.com/16/featured/5-best-free-network-
packet-sniffer.html
[13] http://developer.android.com/reference/android/Manifest.permission.h
tml
[14] Saaty, T.L.: Decision-making with the ahp: Why is the principal
eigenvector necessary? European Journal of Operational Research
145(1) (2003) 85–91.
[15] Saaty, T.L.: Decision making with the analytic hierarchy process.
International Journal of Services Sciences 1(1) (2008).
[16] Saaty, T.L.: How to make a decision: The analytic hierarchy process.
European Journal of Operational Research 48(1) (1990) 9–26.
[17] Igor Khokhlov, Leon Reznik, “Android system security evaluation”,
IEEE Annual Consumer Communications & Networking Conference
(CCNC), pp. 695-699, 2018.
[18] William J. Buchanan, Simone Chiale, Richard Macfarlane, “A
methodology for the security evaluation within third-party Android
marketplaces”, Digital Investigation, volume 23, pp. 88-98, 2017.
[19] M. Mohamed, B. Shrestha, and N. Saxena, “SMASheD: Sniffing and
Manipulating Android Sensor Data for Offensive Purposes,” IEEE
Transactions on Information Forensics and Security, 2016.[Online].
http://ieeexplore.ieee.org/abstract/document/7605458/
Authorized licensed use limited to: University of Arkansas Litte Rock. Downloaded on September 29,2020 at 14:59:02 UTC from IEEE Xplore. Restrictions apply.
