Conference paper Open Access

ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Hatamian, Majid; Pape, Sebastian; Rannenberg, Kai

DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="" xmlns="" xsi:schemaLocation="">
  <identifier identifierType="URL"></identifier>
      <creatorName>Hatamian, Majid</creatorName>
      <affiliation>Goethe University Frankfurt</affiliation>
      <creatorName>Pape, Sebastian</creatorName>
      <affiliation>Goethe University Frankfurt</affiliation>
      <creatorName>Rannenberg, Kai</creatorName>
      <affiliation>Goethe University Frankfurt</affiliation>
    <title>ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment</title>
    <date dateType="Issued">2019-06-05</date>
  <resourceType resourceTypeGeneral="ConferencePaper"/>
    <alternateIdentifier alternateIdentifierType="url"></alternateIdentifier>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsIdenticalTo">10.1007/978-3-030-22312-0_12</relatedIdentifier>
    <rights rightsURI="">Creative Commons Attribution 4.0 International</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
    <description descriptionType="Abstract">&lt;p&gt;Protecting enterprise&amp;rsquo;s confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: How the employees can make sure the smartphone apps that they use are trustworthy? How can the enterprises check and validate the trustworthiness of apps being used within the enterprise network? What about the security and privacy aspects? Are the confidential information such as passwords, important documents, etc. are treated safely? Are the employees&amp;rsquo; installed apps monitoring/spying the enterprise environment? To answer these questions, we propose Enterprise Smartphone Apps Risk Assessment (ESARA) as a novel framework to support and enable enterprises to analyze and quantify the potential privacy and security risks associated with their employees&amp;rsquo; installed apps. Given an app, ESARA first conducts various analyses to characterize its vulnerabilities. Afterwards, it examines the app&amp;rsquo;s behavior and overall privacy and security perceptions associated with it by applying natural language processing and machine learning techniques. The experimental results using app behavior and perception analyses indicate that: (1) ESARA is able to examine apps&amp;rsquo; behavior for potential invasive activities; and (2) the analyzed privacy and security perceptions by ESARA usually reveal interesting information corresponding to apps&amp;rsquo; behavior achieved with high accuracy.&lt;/p&gt;</description>
      <funderName>European Commission</funderName>
      <funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
      <awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/675730/">675730</awardNumber>
      <awardTitle>Privacy and Usabiliy</awardTitle>
Views 75
Downloads 173
Data volume 385.7 MB
Unique views 70
Unique downloads 167


Cite as