Abstract
This paper intends to highlight the risks of AI in Android smartphones. To this end, we perform a risk analysis of Google Smart Assistant, a state-of-the-art, AI-powered smartphone app, and assess the transparency of its risk communication to users and of its implementation. Android users rely on the transparency of an app’s description and Permission requirements to evaluate its risk, and many risk evaluation models consider the same factors when calculating app threat scores. Further, different risk evaluation models and malware detection methods for Android apps use an app’s Permissions and API usage to assess its behavior. Therefore, in our risk analysis, we assess Description-to-Permissions fidelity and Functions-to-API-Usage fidelity in Google Smart Assistant. We compare Permission and API usage in Google Smart Assistant with those of four leading smart assistants and discover that Google Smart Assistant has unusual permission requirements and sensitive API usage. Our risk analysis finds a lack of transparency in the risk communication and implementation of Google Smart Assistant. This lack of transparency may make it impossible for users to assess the risks of this app. It also makes some of the state-of-the-art app risk evaluation models and malware detection methods ineffective.
Acknowledgments
This work was supported in part by the National Natural Science Foundation of China under Grants 61632009, 61802076 and 61872097, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006, and in part by the High-Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Elahi, H., Wang, G., Peng, T., Chen, J. (2019). AI and Its Risks in Android Smartphones: A Case of Google Smart Assistant. In: Wang, G., Bhuiyan, M.Z.A., De Capitani di Vimercati, S., Ren, Y. (eds) Dependability in Sensor, Cloud, and Big Data Systems and Applications. DependSys 2019. Communications in Computer and Information Science, vol 1123. Springer, Singapore. https://doi.org/10.1007/978-981-15-1304-6_27
DOI: https://doi.org/10.1007/978-981-15-1304-6_27
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1303-9
Online ISBN: 978-981-15-1304-6
eBook Packages: Computer Science, Computer Science (R0)