Rooted Android Devices Risk Assessment using Analytic Hierarchy Process

Thumbnail Image

Date

2023-09

Journal Title

Journal ISSN

Volume Title

Type

Article

Publisher

IEEE

Series Info

1st International Conference of Intelligent Methods, Systems and Applications, IMSA 2023;Pages 105 - 1112023

Abstract

Attackers are targeting rooted Android mobile devices to gain access to confidential data such as credit cards and banking transactions. Despite the removal of rooting applications from Google Play Store, attackers still provide easy rooting methods through third-party application stores. Previous studies have focused on rooting detection systems, but they have ignored Android rooting risk assessment, impacting device security. This research introduces a risk assessment framework for Android devices named ARAS, which uses three risk criteria: system, privacy, and financial criteria. ARAS extracts Android static analysis features and adopts Analytic Hierarchy Process (AHP) pairwise comparison methodology to decide the rooting risk level. The proposed scoring model is applied to a rooted device dataset to demonstrate the risk level assessment. ARAS introduces four levels of risk: low, medium, high, and critical risk levels, providing a decision support system for allowing or denying rooted devices access to applications and confidential information.

Description

Keywords

Analytic Hierarchy Process; Android rooting; Android security; risk assessment

Citation