Mobile App Recommendations with Security and
Privacy Awareness
Hengshu Zhu
1
Hui Xiong
2∗
Yong Ge
3
Enhong Chen
1∗
1
University of Science and Technology of China,
2
Rutgers University,
3
UNC Charlotte
zhs@mail.ustc.edu.cn, hxiong@rutgers.edu, yong.ge@uncc.edu, cheneh@ustc.edu.cn
ABSTRACT
With the rapid prevalence of smart mobile devices, the num-
ber of mobile Apps available has exploded over the past few
years. To facilitate the choice of mobile Apps, existing mo-
bile App recommender systems typically recommend popu-
lar mobile Apps to mobile users. However, mobile Apps are
highly varied and often poorly understood, particularly for
their activities and functions related to privacy and secu-
rity. Therefore, more and more mobile users are reluctant
to adopt mobile Apps due to the risk of privacy invasion and
other security concerns. To fill this crucial void, in this pa-
per, we propose to develop a mobile App recommender sys-
tem with privacy and security awareness. The design goal
is to equip the recommender system with the functionality
which allows to automatically detect and evaluate the secu-
rity risk of mobile Apps. Then, the recommender system
can provide App recommendations by considering both the
Apps’ popularity and the users’ security preferences. Specifi-
cally, a mobile App can lead to security risk because insecure
data access permissions have been implemented in this App.
Therefore, we first develop the techniques to automatically
detect the potential security risk for each mobile App by
exploiting the requested permissions. Then, we prop ose a
flexible approach based on modern portfolio theory for rec-
ommending Apps by striking a balance between the Apps’
popularity and the users’ security concerns, and build an
App hash tree to efficiently recommend Apps. Finally, we
evaluate our approach with extensive experiments on a large-
scale data set collected from Google Play. The experimental
results clearly validate the effectiveness of our approach.
Categories and Subject Descriptors
H.2.8.d [Information Technology and Systems]: Database
Applications - Data Mining
Keywords
Mobile Apps, Recommender Systems, Security and Privacy
∗
Corresponding Author.
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full cita-
tion on the first page. Copyrights for components of this work owned by others than
ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re-
publish, to post on servers or to redistribute to lists, requires prior specific permission
and/or a fee. Request permissions from permissions@acm.org.
KDD’14, August 24–27, 2014, New York, NY, USA.
Copyright 2014 ACM 978-1-4503-2956-9/14/08 ...$15.00.
http://dx.doi.org/10.1145/2623330.2623705.
1. INTRODUCTION
Recent years have witnessed the rapid and increased preva-
lence of smart mobile devices, such as smart phones, a huge
number of mobile Apps have been developed for mobile
users. For example, as of the end of July 2013, the Google
Play has had over 1 million Apps and there have been over
50 billion cumulative downloads, and these numbers are still
growing dramatically. Due to the prospering mobile App
industry, the functionalities of smart devices have been in-
tensely extended to meet diversified user needs. However,
mobile Apps are highly varied and often p oorly understood,
particularly for their activities and functions related to pri-
vacy and security. Indeed, to improve user experiences, more
and more advanced mobile Apps are committed to provide
intelligent and personalized services for users, such as loca-
tion based services and social sharing services. These ser-
vices usually involve access permissions of users’ personal
data, such as real-time locations and the contact lists.
However, such intelligent mobile Apps may result in the
potential security and privacy risks for users. For instance,
users may not expect their locations (e.g., home locations,
workplaces) and other privacy information (e.g., contact lists,
SMS records) to be spied by the third party Apps. In fact,
as reported by NBC News
1
, consumers have grown so con-
cerned about privacy on their mobile phones. Many con-
sumers have avoided downloading some mobile Apps, and
many others have removed Apps which may have access to
their personal data. Also, a recent survey from IDG News
2
reveals that 54% of U.S. mobile App users surveyed have de-
cided not to install an App when they discovered how much
personal information it would collect, and 30% of App users
have uninstalled an App after learning about the personal
information it collected. Therefore, the development of a
mobile App recommender system with security and privacy
awareness becomes critical for the healthy development of
the mobile App industry.
In the literature, there are recent studies about security
and privacy issues of mobile Apps, and mobile App recom-
mendations. For example, some works are focused on mal-
ware code detection [6, 13], the security middleware develop-
ment [7, 20], and the App access permission model develop-
ment [5, 8]. However, these works either need to analyze the
source code of each mobile App, or detect the system API
calls during the App running. Indeed, these approaches are
very hard to be implemented in practice, since it is not a
trivial task to efficiently and accurately detect the malware
1
http://www.nbcnews.com/
2
http://www.idg.com/
Figure 1: A demo system of mobile App recommen-
dations with security and privacy awareness.
codes for each mobile App and users often do not want some
security software to frequently scan their devices. Mean-
while, in the area of mobile App recommendation, some
works studied the personalized App recommendation meth-
ods [17], the intelligent mobile App recommendations by
exploiting enriched contextual information [10, 21], and the
problem of App ranking fraud detection [22]. However, all
these works only consider user preferences about the Apps’
popularity (e.g., ratings, downloads), but not the security
and privacy risks inherent in the mobile Apps.
To this end, in this paper, we propose to develop a mobile
App recommender system with security and privacy aware-
ness. The design goal is to equip the recommender system
with the ability to automatically detect and evaluate the
security and privacy risks of mobile Apps. Also, when ap-
plying this recommender system for App recommendations,
it should be able to strike a balance b etween the Apps’ pop-
ularity and the users’ security preferences. Figure 1 shows
the interface of our demo system for mobile App recom-
mendations with security and privacy awareness. In this
system, users can select different evaluation metrics, such
as Popularity, Security, and Hybrid, to obtain App recom-
mendations with respect to their preferred security levels.
While we do not aim at developing personalized App rec-
ommender systems because the individual download statis-
tics and App usage data are often not publicly available,
our non-personalized App recommendations by consider-
ing both popularity and security are very important for mo-
bile App services. For instance, both Apple and Google pro-
vide non-personalized top paid/free App recommendations
based on the popularity information (e.g., overall download
and rating) every day. However, they do not explore and
consider the security preferences in their recommended top
charts. Indeed, the developed system will be beneficial for
the healthy development of the mobile App industry.
However, there are two critical challenge for developing an
App recommender system with security and privacy aware-
ness. Specifically, the first challenge is how to effectively
identify the security risks of mobile Apps from the large-
scale mobile App data. The second challenge is how to strike
a balance between the Apps’ popularity and the users’ con-
cerns ab out security and privacy. Indeed, our careful ob-
servation reveals that the potential security risks of mobile
Apps are essentially caused by the data access permissions
of each App, such as permissions requested for accessing
real-time locations. Therefore, in this pap er, we first pro-
pose to exploit the requested permissions for detecting the
potential security risk of each mobile App. The proposed
approach is based on random walk regularization with an
App-permission bipartite graph, which can learn the security
risk of mobile Apps automatically without relying on any
predefined risk function. Furthermore, based on the modern
portfolio theory [16], we develop a flexible optimization ap-
proach for recommending Apps by considering both Apps’
popularity and users’ concerns about security and privacy.
Particularly, there are often many different security prefer-
ences of mobile users, and a huge number of Apps as can-
didates for recommendations. To enhance the performances
of online App recommendations, we build an App hash tree
to efficiently look up Apps. Finally, we evaluate our mobile
App recommendation approach with extensive exp eriments
on a large-scale real-world data set collected from Google
Play, which contains 170,753 mobile Apps. The experimen-
tal results clearly validate the effectiveness and efficiency of
our approach in terms of different evaluation metrics.
2. PROBLEM FORMULATION
In this section, we first introduce some preliminaries about
the security/privacy problems of mobile Apps, and then in-
troduce the framework of the proposed mobile App recom-
mender system with security and privacy awareness.
Table 1: Examples of data access permissions.
Type Permission ID Description
String ACCESS_FINE_LOCATION
Allows an application to acc-
ess fine (e.g., GPS) location.
String READ_CONTACTS
Allows an application to read
the user’s contacts data.
String READ_SMS
Allows an application to read
the user’s SMS messages.
String READ_CALENDAR
Allows an application to read
the user’s calendar data.
String READ_CALL_LOG
Allows an application to read
the user’s call log.
2.1 Preliminaries
The most advanced mobile operating systems, such as Ap-
ple IOS, Google Android, and Microsoft Windows Phone,
implement a sandbox which provides the security and pri-
vacy policy for the third-party mobile Apps. To be specific,
these operating systems isolate Apps from each other and
the resources, thus feature a permission system [7]. To ac-
cess the personal data in users’ mobile devices, the permis-
sion system will convey users to grant corresponding data
access permissions explicitly (e.g., IOS) or implicitly (e.g.,
Android) for each mobile App. Actually, these data access
permissions may enter some sensitive resources in mobile
users’ personal data, such as their locations or contact lists.
For instance, Table 1 illustrates some examples of data ac-
cess permissions in the Android system [1]. We can see that
all these listed permissions contain potential security risks.
For example, an App, which requests READ_CALENDAR and
READ_SMS permissions, may access users’ personal calendar
and short messages. This may not be comfortable for a busi-
ness man due to the risks of leaking confidential information.
Indeed, all these data access permissions can be catego-
rized into different levels with respect to their potential se-
curity risks. For example, as defined by Android Develop-
ers [1], there are three different threat levels for managing
data access permissions,
Permissions: This application has access to the following:
è
Your personal information
Read calendar events plus confidential information
(READ_CALENDAR)
Allows the App to read all calendar events stored on your tablet,
including those of friends or coworkers. Malicious Apps may extract
personal information from these calendars without the owners'
knowledge. Allows the App to read all calendar events stored on your
phone, including those of friends or coworkers. Malicious Apps may
extract personal information from these calendars without the owners'
knowledge.
è Phone calls
Read phone state and identity
(READ_PHONE_STATE )
Allows the App to access the phone features of the device. An App with
this permission can determine the phone number and serial number of
this phone, whether a call is active, the number that call is connected to
and the like.
è Storage
Modify/delete USB storage contents modify/delete SD card contents
(WRITE_EXTERNAL_STORAGE)
Allows the App to write to the USB storage. Allows the App to write to
the SD card.
SecurityPopularity
Figure 2: A motivating example.
• Normal permissions give an App access to isolated
App level features, with the minimal risk to other ap-
plications, the system, or the user access (e.g., the per-
mission to set screen wallpaper).
• Dangerous permissions give an App access to pri-
vate user data or control over the device, with a po-
tential risk that can negatively impact the user (e.g.,
the permission to have the user’s current location).
• Signature/System permissions give an App access
to the dangerous privileges, which need system signa-
ture certifications such as the ability to control the
system process (e.g., the permission to delete Apps).
To provide better services to users and gain more down-
loads of Apps, mobile App developers try to request more
and more data access permissions, which can help to im-
plement the intelligent applications, such as social sharing
services. However, these services may result in potential
security and privacy risks. For example, Figure 2 shows
an example of a mobile App in the Android market, which
contains both popularity and security information. In this
figure, we can observe that this App may request the per-
mission of reading the users’ calender (i.e., READ_CALENDAR),
reading phone states (i.e., READ_PHONE_STATE) and external
USB/SD card storage (i.e., WRITE_EXTERNAL_STORAGE). Al-
though this is a quite p opular App according to user ratings
and the download information, it may still contain the po-
tential risk of leaking user information. For instance, if this
App is controlled by a Trojan, it could gather users’ calender
information and phone numbers, then upload the informa-
tion into external USB disk or SD card (when connected) via
the above permissions. However, to the best of our knowl-
edge, this kind of security risks is not taken into account
in most existing mobile App recommender systems. Indeed,
they only focus on the Apps’ popularity information (e.g.,
user ratings). Thus, we aim on developing a mobile App
recommender system with security and privacy awareness.
2.2 The Recommendation Framework
Here, we first formally define the problem of mobile App
recommendations with security and privacy awareness, and
then show the recommendation framework.
Definition 1 (Problem Statement). Given a cat-
egory label c, and a set of Apps A = {a}, each of which
contains a set of data access permissions {p
i
}, profile infor-
mation (e.g., category, popularity), the goal of mobile App
recommendation with security and privacy awareness is to
build an optimal ranked list of Apps in category c based on
both the Apps’ popularity and users’ security preferences.
Indeed, the above problem statement raises two issues:
• How to mine the security risks of Apps and produce a
ranked list Λ
(Risk)
= {a|a ∈ c} according to their risk
scores Risk(a), where a is ranked higher than a
∗
if
and only if Risk(a) > Risk(a
∗
).
• How to combine the risk based ranked list Λ
(Risk)
with
the popularity based ranked list Λ
(P op)
to produce final
ranking so as to meet various expectations of users,
who have different security and privacy concerns.
While it is appealing to provide mobile App recommenda-
tions with security and privacy awareness, it is a non-trivial
task to effectively discover and evaluate the security risks of
Apps, and produce desirable ranking of Apps by considering
both Apps’ popularity and users’ security preferences. In ad-
dition, there are often many different security preferences of
mobile users, and a huge number of Apps as candidates for
recommendations. Thus, how to efficiently manage Apps for
recommendation is also an op en question. To that end, in
this paper, we prop ose a novel recommendation framework
to solve these problems.
App-Permission
Bipartite Graph
Random Walk
Regularization
App Database
Estimating App Risk Scores
Building App Hash Tree
App Category
Security Preference
Online Input
Mobile User
App Recommendation
Offline Learning Stage
Online Recommendation Stage
Searching App Hash Tree
Portfolio Optimization
Figure 3: The recommendation framework.
Figure 3 shows the proposed recommendation framework,
which consists of two stages. The offline learning stage au-
tomatically learns the risk scores for Apps by leveraging the
random walk regularization with an App-permission bipar-
tite graph, and forms an App hash tree from the App data set
for efficiently managing Apps. The online recommendation
stage matches the given mobile users’ security preferences
and App categories according to the App hash tree, ranks
the candidate Apps with respect to both Apps’ popular-
ity and users’ security preferences by leveraging the modern
portfolio theory for recommendations.
3. ESTIMATING RISK SCORES FOR MO-
BILE APPS
Generally speaking, the risk score reflects the security
level of an App. The smaller the score is, the more safe
the App is. According to the above discussion, we can know
the security risks are essentially caused by the data access
permissions of Apps. Thus, an intuitive approach for mea-
suring the risks of Apps is to directly check each of the dan-
gerous permissions they request. However, there are many
critical challenges along this line, which make the problem
Mobile Apps
p
2
p
1
p
3
Permissions
a
1
a
2
a
3
a
4
$&&(66B),1(B/2&$7,21
5($'B&217$&76
5($'B3+21(B67$7(
0.3
0.7
0.2
0.8
0.5
0.5
0.4
0.6
Figure 4: An example of the bipartite graph.
still under-addressed. First, it is hard to explicitly define a
risk function with respect to different permissions for eval-
uating the potential risks of mobile Apps, since the permis-
sions are often very ambiguous and poorly understood [5, 8].
For example, we observe that although some permissions are
dangerous (e.g., location related permissions), they are com-
monly used in the Apps of some categories (e.g., navigation
Apps). Second, the latent relationships between Apps and
permissions should be taken into consideration, since similar
Apps (permissions) should have similar risk scores. Finally,
we should develop a scalable approach to refine risk scores,
since rich external knowledge can be leveraged for evaluat-
ing potential risks of Apps. For example, some external risk
reports, the state-of-the-art security models in relevant do-
mains as well as the prior knowledge from domain experts
can be leveraged for improving the performance of ranking
App risks. To deal with the above challenges, in this pa-
per, we propose a regularization approach based on a bipar-
tite graph, which can learn the security risk of mobile Apps
automatically without relying on any predefined risk func-
tion. Particularly, we develop an App-permission bipartite
graph to build the connections between Apps and permis-
sions, which is defined as follows.
Definition 2 (App-permission Bipartite Graph).
The graph can be denoted as G = {V, E, W }. V = {V
a
, V
p
}
is the node set, where V
a
= {a
1
, · · · , a
M
} denotes the set of
Apps and V
p
= {p
1
, · · · , p
N
} denotes the set of permissions.
E is the edge set, where e
ij
∈ E exists if and only if a
i
re-
quests the permission p
j
. W is the edge weight set, where
each w
ij
∈ W represents the weight of e
ij
and denotes the
probability that a
i
will request p
j
.
Figure 4 shows an example of App-permission bipartite
graph. Intuitively, the weight w
ij
can be estimated by the
permission records of all Apps in a
i
’s category. Specifically,
we can compute the weight by
w
ij
=
f
ij
e
ik
∈E
f
ik
, (1)
where f
ij
is the number of Apps in category c (a
i
∈ c)
requesting permission p
j
. Furthermore, we can denote each
App a
j
and permission p
j
as vectors
−→
a
i
= {w
i1
, · · · , w
iN
}
and
−→
p
j
= {w
1j
, · · · , w
Mj
}, respectively. Accordingly, we
define the latent similarity between Apps a
i
and a
j
by the
Cosine distance,
s
a
ij
= Cos(
−→
a
i
,
−→
a
j
) =
−→
a
i
·
−→
a
j
∥
−→
a
i
∥ · ∥
−→
a
j
∥
. (2)
Similarly, we define the latent similarity between permis-
sions p
i
and p
j
as s
p
ij
= Cos(
−→
p
i
,
−→
p
j
).
To estimate App risk scores with the App-permission bi-
partite graph, we first define two scores Risk(a
i
) and Risk(p
j
)
for node a
i
∈ V
a
and p
j
∈ V
p
, respectively. Intuitively,
Risk(a
i
) is the objective App risk score and Risk(p) is the
global permission risk score. Second, we develop a regu-
larization framework by regularizing the smoothness of the
above two scores over the bipartite graph. Specifically, if we
denote Risk(a
i
) as R
a
i
and Risk(p
j
) as R
p
j
, we define a cost
function as follows,
Q(a, p) =
λ
2
·
i
R
a
i
−
R
a
i
2
+
j
R
p
j
−
R
p
j
2
+ (3)
µ
2
·
i,j
s
a
ij
R
a
i
− R
a
j
2
+
i,j
s
p
ij
R
p
i
− R
p
j
2
+
1
2
·
i,j
w
ij
R
a
i
− R
p
j
2
,
where λ and µ are the regularization parameters,
R
a
i
and
R
p
j
are the prior risk scores derived from external knowledge.
Intuitively, this cost function is formed by three parts.
The first part controlled by λ defines the constraint that the
two risk scores should fit prior knowledge. The second part
controlled by µ defines the global consistency of the refined
risk scores over the graph. Specifically, it satisfies that, if
two Apps (permissions) have high latent similarity, their risk
scores should be similar. The third part is the smoothness
constraint between Apps and permissions, which guarantees
that, if an App has high probability to request a specific per-
mission, their risk scores should be similar. Therefore, the
problem of estimating risk scores is converted to the opti-
mization problem of finding optimal R
a
i
and R
p
j
to minimize
the cost function Q. In this paper, we exploit the classic
gradient descent method to solve this problem. Specifically,
we first assign values to R
a
i
= 1/M and R
p
j
= 1/N and iter-
atively update them by setting the following differentiated
results to zero.
∂Q
∂a
i
= λ(R
a
i
−
R
a
i
) + µ
j
s
a
ij
(R
a
i
− R
a
j
) +
j
w
ij
(R
a
i
− R
p
j
),
R
a
i
=
λ
R
a
i
+ µ
j
s
a
ij
R
a
j
+
j
w
ij
R
p
j
λ + µ
j
s
a
ij
+
j
w
ij
. (4)
∂Q
∂p
j
= λ(R
p
j
−
R
p
j
) + µ
i
s
p
ij
(R
p
j
− R
p
i
) +
i
w
ij
(R
p
j
− R
a
i
),
R
p
j
=
λ
R
p
j
+ µ
i
s
p
ij
R
p
i
+
i
w
ij
R
a
i
λ + µ
i
s
p
ij
+
i
w
ij
. (5)
After each iteration, all the values of R
a
i
and R
a
j
will be nor-
malized again, i.e., ∥R
a
∥
1
= 1 and ∥R
p
∥
1
= 1. Finally, we
can obtain the optimal risk scores after the results converge.
How to assign prior risk scores
R
a
i
and
R
p
j
from external
knowledge is an open question. In practice, some intuitive
solutions include inviting domain experts for assigning risk
scores, building a security classifier through external risk
reports, or exploiting state-of-the-art security models in rel-
evant domains. In this paper, as an attempt, we leverage
the probabilistic approach PNB (Naive Bayes with informa-
tion Priors) proposed in [14] for this task, which is based on
the scoring scheme, and thus can be directly adopted by our
regularization framework. Specifically, PNB aims to learn a
Naive Bayes model with parameter θ that can best explain
the generative process of permissions, i.e., P (p
j
|θ ). In this
model, the parameter θ is assumed to follow the Beta prior
Beta(θ; α
0
, β
0
), and the probability can be estimated by
P (p
j
|θ) =
M
i
x
i,j
+ α
0
M + α
0
+ β
o
, (6)
where M is the total number of Apps and x
i,j
is a binary
function which is equal to 1 (i.e., a
i
requests the permission
p
j
) or 0 (i.e., a
i
does not request the permission p
j
). Partic-
ularly, PNB also defines three categories of permissions with
respect to their threat levels (i.e., similar as the preliminaries
in Section 2), and each category has a specific Beta(θ; α
0
, β
0
)
as informative priors. Therfore, the risk scores of permission
p
j
and App a
i
can be estimated by
R
p
j
= − ln P (p
j
|θ) and
R
a
i
= − ln P (p
1
, · · · , p
k
|θ), where each p
k
∈ a
i
. Note that,
both
R
a
i
and
R
p
j
are normalized before learning our regu-
larization framework. Although PNB is a straightforward
approach that cannot solve all the challenges mentioned be-
fore, its effectiveness on ranking risks of Apps has been well
proved. Therefore, using PNB as prior knowledge in our
regularization framework is appropriate.
4. RANKING FOR MOBILE APP RECOM-
MENDATION
Algorithm 1 Automatic Detection of Security Levels
Input: The set of Apps A = {a
i
}; Parameter δ;
Output: The set of security levels Ψ;
1: Rank A in descending order according to Risk ( a);
2: L = ∅;
3: for each i ∈ [1, |A|] do
4: A
∗
= L ∪ {A[i]};
5: calculate CV (A
∗
) in terms of Risk(a) (a ∈ A
∗
);
6: if (CV (A
∗
) > δ) then
7: Ψ ∪ = L; L = ∅ is a new level;
8: else
9: L∪ = {A[i]};
10: end if
11: end for
12: return Ψ
After computing the risk score for each mobile App, we
can rank Apps in ascending order with respect to their risk
scores for recommendations. Moreover, if some Apps have
the same risk scores, they will be further ranked according
to popularity scores (e.g., overall rating). However, for real-
world App recommendation services, users may have difficul-
ties to get clear perception about the risks of ranked Apps.
A promising way to help users understand the different risks
of Apps is to categorize the risks into discrete levels (e.g.,
Low, Medium, High). In fact, people often describe their
perception about risk or security with such discrete levels.
Therefore, in this paper, we further group Apps into differ-
ent clusters, each of which has the same security level (e.g,
Low or High). However, it is not easy to get an accurate
and appropriate segmentation of Apps with respect to their
risk scores due to the lack of appropriate benchmarks.
To solve the above problem, we develop a Coefficient of
Variation (CV) based approach to automatically segment
mobile Apps. The main idea of this approach is that two
adjacent Apps in the globally ranked list are assigned with
different security levels, if their risk scores have dramatic
differences, which can be captured by the CV, i.e.,
variance
mean
,
of their risk scores. The detailed segmentation algorithm
is shown in Algorithm 1. The parameter δ is a threshold
used for determining the dramatic difference of CV. After
segmentation, the Apps at lower security levels have higher
security risk.
Now, we are able to recommend Apps for users. Specifi-
cally, given a specific security level L
∗
and a category c, we
can treat all the Apps in category c with security L ≥ L
∗
as candidates. Intuitively, there are two types of ranking
principles for recommending Apps.
• Security Principle: We first rank App candidates in
ascending order by their risk scores, and Apps have
the same scores will be further ranked by popularity
scores (e.g., overall rating).
• Popularity Principle: We first rank App candidates
in descending order by their popularity scores (e.g.,
overall rating), and Apps have the same popularity
scores will be further ranked by risk scores.
Furthermore, we need to strike a balance between users’
security preferences and Apps’ popularity for recommenda-
tions. To achieve such a balance, we also propose a hybrid
principle for App recommendations, which is based on the
modern portfolio theory [16]. The p ortfolio theory is origi-
nally proposed in the field of finance, which focuses on the
investment problem of financial market. For example, an
investor often wants to select a portfolio of n sto cks with a
fixed investment budget, which will provide the maximum
future return and the minimum risk. In our problem, the
stocks can be regarded as Apps, the future return and risk
can be regarded as popularity and security risk of Apps.
Specifically, an App portfolio Υ can be represented by a
collection of n Apps with a corresponding weight w
i
assigned
to each App a, i.e.,
Υ =
(a
i
, w
i
)
, s.t.
i
w
i
= 1. (7)
Indeed, the weight w
i
in finance is the percentage of the bud-
get invested in the i-th stock. According to the discussion
in [19], the weight w
i
in our problem indicates how much
attention the recommender system wants the target user to
pay on the App a
i
. Therefore, the weights can be used to
determine the ranks of Apps; that is, Apps should be ranked
by the descending order of their weights. Before obtaining
the weights, we first define the future return of the App
portfolio as E[Υ], which can be computed by
E[Υ] =
n
i
w
i
· ∆
−1
i
, (8)
where ∆
i
is the rank of App a
i
in the popularity based
ranked list Λ
(P op)
. Also, we define the future risk of the App
portfolio as R[Υ], which can be computed by the following
function [12],
R[Υ] =
n
i
(w
2
i
∇
−2
i
+ 2
n
j=i+1
w
i
w
j
∇
−1
i
∇
−1
j
J
ij
), (9)
where ∇
i
is the rank of App a
i
in the risk based ranked
list Λ
(Risk)
, and J
ij
is the risk correlation between Apps a
i
and a
j
. Here, we estimate J
ij
according to the similarity of
requested permissions. For any two Apps, the more common
permissions are requested, the higher risk similarity they
have. To this end, we compute J
ij
using Jaccard coefficient
between Apps a
i
and a
j
by,
J
ij
=
N
ij
N
i
+ N
j
− N
ij
, (10)
where N
i
is the number of permissions requested by App a
i
,
and N
ij
is the number of common permissions requested by
two Apps a
i
and a
j
.
In our problem, the objective is to learn a set of App
weights w for maximizing the future return and minimizing
