Risk-Oriented Taxonomy of Android App Assessment Models
DOI: https://doi.org/10.65890/race.v1i2.156
Keywords: Android security, Malicious activities, User privacy, Application Trust & Risk, Application metadata, Risk assessment
Abstract
Android application security research has been dominated by the malware-detection paradigm, in which each application is assigned either a benign or a malicious label. Although effective for large-scale screening, this binary perspective fails to capture the diverse risks posed by modern Android applications, such as privacy leakage, financial abuse, intrusive tracking, and misuse of system resources. This work provides a structured review of research on Android app assessment models from a risk-oriented perspective. Rather than proposing new detection techniques, this review synthesizes the existing literature and organizes prior work through a multi-dimensional taxonomy covering risk modelling granularity, risk semantics, evidence sources, learning paradigms, and interpretability. By analysing how current approaches conceptualise and represent risk, the paper identifies important trends, limitations, and unresolved issues. The purpose of the article is to outline the shift from malware detection to comprehensive application risk assessment and to provide a reference for future Android security research.
License
Copyright (c) 2025 Revolutionary Advances in Computing and Electronics: An International Journal

This work is licensed under a Creative Commons Attribution 4.0 International License.