Privacy analysis of mobile apps

Olukoya, Oluwafemi Samuel (2019) Privacy analysis of mobile apps. PhD thesis, University of Glasgow.

Due to Embargo and/or Third Party Copyright restrictions, this thesis is not available in this service.


The increasing popularity of the Android OS has resulted in its user base surging past 2.5 billion monthly active users, which has made cybercriminals and non-criminal actors attracted to the OS because of the amount and quality of information they can access. As malicious apps are at an arms race with their benign counterparts in malware analysis, coupled with the evolving nature of the Android ecosystem, it is important to continuously analyse the ecosystem for privacy and security issues.

The thesis proposes a privacy and security analysis approach for mobile software systems.
The research methodology abstracts the mobile security problem as an access control problem, where the behavioural elements mirror the standard elements in an access control system - identification, authentication and authorization. This involves analyzing the app’s behavioural elements for unstructured user input, user-granted permissions, UI textual description, and literal app/product description. Next, the effectiveness of the proposed approach was evaluated in the context of mobile systems security, particularly in the area of malware analysis and its mitigation. The approaches are different because they utilize different aspects of the app metadata, such that security analysis of apps could be done depending on what aspect of the app information is available.

Overall, this thesis contributes to knowledge around mobile software systems for the design
of robust malware detection tools, a security-oriented overview of mobile systems behaviour and reliable risk signalling for privacy awareness. The findings demonstrated great promise in using the elements of access control for mobile systems in anomaly detection and sustainable malware mitigation. The proposed approach succeeded where other approaches have not, in malware analysis.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: Mobile privacy, mobile security, malware, privacy risk, unstructured user input, Android, permission, mobile software systems, security rules.
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
T Technology > T Technology (General)
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Omoronyia, Dr. Inah
Date of Award: 2019
Embargo Date: 17 December 2022
Depositing User: Mr Oluwafemi Olukoya
Unique ID: glathesis:2019-76780
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 24 Dec 2019 11:56
Last Modified: 05 Mar 2020 21:36
Thesis DOI: 10.5525/gla.thesis.76780

Actions (login required)

View Item View Item