What is SecuRank?

SecuRank is a framework and tool for the automatic analysis of permission usage in Android apps. It has been designed to allow the identification and grouping of apps of similar functionality within the Google Play Store. Once apps are grouped by functionality, permission usage within groups is analysed to identify those apps that have less potential privacy and security impact on your smartphone. Our aim with SecuRank is to disincentivise permission-hungry apps that seem to permeate app stores. The SecuRank database contains over 1,700,000 Android apps and this database is updated at least every 3 months to keep abreast of changes in the Google Play Store.

Don't runtime permissions solve the problem of permission-hungry apps?

Yes and No. With the introduction of runtime permissions in Android 6, users now have more power over the permissions used by apps. However, some 40.4% of users still accept runtime permissions blindly. We are assisting these users and the many millions of users (over 90% of Android users) who are (and will continue for some years) using older Android devices that don't support runtime permissions. Finally, the simple fact is that an app with more permissions has greater potential to impact smartphones in a negative way if/when something goes wrong, for example, a bug/vulnerability in the app. With SecuRank, users can easily find apps that provide the functionality they need, with the least amount of access to their device while doing it. Thus user devices will be as safe as possible in the worst case!

How does SecuRank work?

SecuRank uses Natural Language Processing (NLP) on the text descriptions of apps to identify groups of apps that provide similar functionality. Within these groups of apps, we analyse permission usage using several algorithms to identify apps with a lower potential impact on smartphone privacy/security. For those interested in the technical details, our research paper was accepted at the 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016), and is available here.

Who are the authors?

SecuRank is brought to you by Vincent F. Taylor and Ivan Martinovic from the University of Oxford. Vincent is a D.Phil. (Ph.D.) student under the supervision of Ivan. Feel free to contact Vincent about the project using the contact details on his university page.