In today’s era, smartphones are used in daily lives because they are ubiquitous and can be customized by installing third-party apps. As a result, the menaces because of these apps, which are potentially risky for user’s privacy, have increased. Information on smartphones is perhaps, more personal than compared to data stored on desktops or computers, making it an easy target for intruders. After Android, the most prevalently used mobile operating system is Apple’s iOS. Both Android and iOS follow permission-based access control to prevent user’s privacy. However, the users are unaware whether the app is breaching the user’s privacy. To combat this problem, in the paper we propose a hybrid approach to detect malicious iOS apps based on its permissions. In the first phase weights have been assigned to app permissions using multi-criteria decision-making approach namely Analytic Hierarchy Process (AHP) and in the second phase machine learning & ensemble learning techniques have been employed to train the classifiers for detecting malicious apps. To test the efficacy of the proposed method dataset comprising of 1150 apps from 12 app categories has been used. The results demonstrate the proposed approach improves the efficacy of detecting malicious iOS apps for majority of categories.

Wikipedia, “iOS.” https://en.wikipedia.org/wiki/IOS (accessed Apr. 06, 2021).

Apple Inc., “App Store Downloads on iTunes.” https://apps.apple.com/in/genre/ios/id36 (accessed Apr. 06, 2021).

J. Erickson, C. Gibler, J. Crussell, and H. Chen, “AndroidLeaks: Detecting Privacy Leaks In Android Applications,” pp. 1–17, 2011, [Online]. Available: http://www.cs.ucdavis.edu/research/tech-reports/2011/CSE-2011-10.pdf.

B. Krupp, “Enhancing Security And Privacy For Mobile Systems,” Dr. Diss. Dep. Electr. Comput. Eng. Clevel. State Univ., p. 148, 2015.

J. Khan, H. Abbas, and J. Al-Muhtadi, “Survey on mobile user’s data privacy threats and defense mechanisms,” Procedia Comput. Sci., vol. 56, no. 1, pp. 376–383, 2015, doi: 10.1016/j.procs.2015.07.223.

WIRED, “Thousands of Android and iOS Apps Leak Data From the Cloud.” https://www.wired.com/story/ios-android-leaky-apps-cloud/ (accessed Apr. 07, 2021).

R. Millman, “Oxford researchers expose personal data harvesting in third-party Facebook and Google apps.” https://www.itpro.co.uk/privacy/32190/oxford-researchers-expose-personal-data-harvesting-in-third-party-facebook-and-google (accessed Apr. 07, 2021).

Ptsecurity.com, “Vulnerability and threats in mobile applications,” Ptsecurity.Com, 2019.

P. Xiong, X. Wang, W. Niu, T. Zhu, and G. Li, “Android malware detection with contrasting permission patterns,” China Commun., vol. 11, no. 8, pp. 1–14, 2014, doi: 10.1109/CC.2014.6911083.

X. Liu and J. Liu, “A two-layered permission-based android malware detection scheme,” Proc. - 2nd IEEE Int. Conf. Mob. Cloud Comput. Serv. Eng. MobileCloud 2014, vol. 128, pp. 142–148, 2014, doi: 10.1109/MobileCloud.2014.22.

D. Congyi and S. Guangshun, “Method for Detecting Android Malware Based on Ensemble Learning,” ACM Int. Conf. Proceeding Ser., pp. 28–31, 2020, doi: 10.1145/3409073.3409084.

L. D. Coronado-De-Alba, A. Rodriguez-Mota, and P. J. Escamilla-Ambrosio, “Feature selection and ensemble of classifiers for Android malware detection,” 2016 8th IEEE Latin-American Conf. Commun. LATINCOM 2016, vol. 128, pp. 2–7, 2016, doi: 10.1109/LATINCOM.2016.7811605.

F. Idrees, M. Rajarajan, M. Conti, T. M. Chen, and Y. Rahulamathavan, “PIndroid: A novel Android malware detection system using ensemble learning methods,” Comput. Secur., vol. 68, pp. 36–46, 2017, doi: 10.1016/j.cose.2017.03.011.

T. G. Mesevage, “Machine Learning Classifiers - The Algorithms & How They Work.” https://monkeylearn.com/blog/what-is-a-classifier/ (accessed May 28, 2021).

V. Zhou, “Machine Learning for Beginners: An Introduction to Neural Networks .” https://towardsdatascience.com/machine-learning-for-beginners-an-introduction-to-neural-networks-d49f22d238f9 (accessed May 28, 2021).

A. J. Bhatt, C. Gupta, and S. Mittal, “iABC: Towards a hybrid framework for analyzing and classifying behaviour of iOS applications using static and dynamic analysis,” J. Inf. Secur. Appl., vol. 41, pp. 144–158, 2018, doi: 10.1016/j.jisa.2018.07.005.

T. L. Saaty, “Decision making with the analytic hierarchy process,” 2008.