An Android smartphone contains built-in and externally downloaded applications that are used for entertainment, finance, navigation, communication, health and fitness, and so on. The behaviour of granting permissions requested by apps might expose the Android smartphone user to privacy risks. The existing works lack a formalized mathematical model that can quantify user and system applications risks. No multifaceted data collector tool can also be used to monitor the collection of user data and the risk posed by each application. A benchmark of the risk level that alerts the user and distinguishes between acceptable and unacceptable risk levels in Android smartphone user does not exist. Hence, to address privacy risk, a formalized privacy model called PRiMo that uses a tree structure and calculus knowledge is proposed. An App-sensor Mobile Data Collector (AMoDaC) is developed and implemented in real life to analyse user data accessed by mobile applications through the permissions granted and the risks involved. A benchmark is proposed by comparing the proposed PRiMo outcome with the existing available testing metrics. The results show that Tools & Utility/Productivity applications posed the highest risk as compared to other categories of applications. Furthermore, 29 users faced low and acceptable risk, while two users faced medium risk. According to the benchmark proposed, users who faced risks below 25% are considered as safe. The effectiveness and accuracy of the proposed work is 96.8%.
Keywords: IoT; data collector; mathematical modelling; mobile applications; permissions; privacy exposure; risk quantification; smartphone sensors; usage behaviour.