AI and Its Risks in Android Smartphones: A Case of Google Smart Assistant

Abstract

This paper intends to highlight the risks of AI in Android smartphones. In this regard, we perform a risk analysis of Google Smart Assistant, a state-of-the-art, AI-powered smartphone app, and assess the transparency in its risk communication to users and implementation. Android users rely on the transparency of an app’s descriptions and Permission requirements for its risk evaluation, and many risk evaluation models consider the same factors while calculating app threat scores. Further, different risk evaluation models and malware detection methods for Android apps use an app’s Permissions and API usage to assess its behavior. Therefore, in our risk analysis, we assess Description-to-Permissions fidelity and Functions-to-API-Usage fidelity in Google Smart Assistant. We compare Permission and API usage in Google Smart Assistant with those of four leading smart assistants and discover that Google Smart Assistant has unusual permission requirements and sensitive API usage. Our risk analysis finds a lack of transparency in risk communication and implementation of Google Smart Assistant. This lack of transparency may make it impossible for users to assess the risks of this app. It also makes some of the state-of-the-art app risk evaluation models and malware detection methods ineffective.