Elsersy, WaelEl-Fishawy, Nawal AhmedZakaria, Ehab E2023-09-282023-09-282023-0910.1109/IMSA58542.2023.10217716http://repository.msa.edu.eg/xmlui/handle/123456789/5726Attackers are targeting rooted Android mobile devices to gain access to confidential data such as credit cards and banking transactions. Despite the removal of rooting applications from Google Play Store, attackers still provide easy rooting methods through third-party application stores. Previous studies have focused on rooting detection systems, but they have ignored Android rooting risk assessment, impacting device security. This research introduces a risk assessment framework for Android devices named ARAS, which uses three risk criteria: system, privacy, and financial criteria. ARAS extracts Android static analysis features and adopts Analytic Hierarchy Process (AHP) pairwise comparison methodology to decide the rooting risk level. The proposed scoring model is applied to a rooted device dataset to demonstrate the risk level assessment. ARAS introduces four levels of risk: low, medium, high, and critical risk levels, providing a decision support system for allowing or denying rooted devices access to applications and confidential information.enAnalytic Hierarchy Process; Android rooting; Android security; risk assessmentArticle10.1109/IMSA58542.2023.10217716