Trusting smartphone Apps? To install or not to install, that is the question

2013 
Smartphones are becoming the mobile hubs of information for many people and companies. What started as a way to provide users with the flexibility of installing small software components called Apps to enhance the usability of their phone has grown into a global market with hundreds of thousands of applications built by thousands of developers. However, while there are plenty of well-established companies developing useful applications or entertaining games, there is no easy way to differentiate them from companies that put users at risk or, worse, directly distribute malware or spyware. One attribute that is often used to distinguish “good” Apps from “bad” ones is their ratings. Nevertheless, research has shown that this can prove to be an unreliable metric, especially in cases with low rating counts. Reviews are also supposed to provide the user with an assessment of an App's trustworthiness by real people. However, fake reviews, written by collaborators of the developer or by the developer himself to boost an App's ranking, are common. How is the average user able to distinguish between real and fake reviews? Finally, Apps run inside a security sandbox and need permissions to interact with the smartphone and the data stored on it. The problem is that users are usually not aware of what specific permissions mean or why they need to be granted. In this paper we present a trustworthiness assessment model for Apps that takes into consideration these factors as well as others to provide the user with an indication of whether an App can be trusted and, if so, why. Furthermore, the model incorporates various relations between Apps, and we discuss whether or not they should have an impact on the individual App's assessment. The research demonstrates that, in order to make a decision to install an App, one has to consider more than just App information and look into its associated metadata as well.