Most of the existing mobile application (app) vetting mechanisms only estimate risks at a coarse-grained level by analyzing app syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.

中文翻译：

---

使用自学权重分配对移动应用程序进行语义感知隐私风险评估

大多数现有的移动应用程序 (app) 审查机制仅通过分析应用程序语法而不是语义来粗粒度地估计风险。我们提出了一种语义感知的隐私风险评估框架（SPRisk），它在语义层面考虑了隐私相关因素的敏感性差异。我们的框架可以提供定性（即风险级别）和定量（即风险评分）评估结果，这两者都有助于用户决定是否安装应用程序。此外，为了自动找到每个因素的合理权重分布，我们开发了一种基于模糊聚类和知识依赖理论的自学习权重分配方法。我们实现了一个原型系统，并使用 192,445 个正常应用程序和 7,111 个恶意应用程序评估了 SRisk 的有效性。