ECOSYSTEM OF INSTALLED MOBILE APPLICATIONS FOR IDENTIFYING BEHAVIORAL GROUPS AND ASSESSING DIGITAL RISK
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1041Keywords:
mobile forensics; behavioral profiling; installed mobile applications; clustering; digital risk score; application ecosystem analysis.Abstract
The article investigates the ecosystem of installed mobile applications as a source of behaviorally relevant digital artifacts that can be used for user profiling and digital risk assessment in mobile device forensics. Smartphones accumulate a wide range of application-level traces that reflect user habits, interests, and activity patterns, making the structure of installed apps a valuable indirect indicator of behavioral characteristics. The study proposes a methodological framework that transforms application lists into a structured representation of user profiles based on proportional distributions of app categories. Using a dataset of anonymized screenshots collected from 100 participants, each mobile application was classified into a unified taxonomy of categories, enabling the construction of “user–category” behavioral vectors. To identify latent groups of digital behavior, k-means clustering was applied with prior normalization and validated using silhouette metrics. Dimensionality reduction through PCA allowed visualizing cluster separation and exploring structural differences between users. The results reveal two distinct behavioral groups with clearly different application ecosystems: one dominated by financial, governmental, security-oriented, and cryptocurrency apps; the other characterized by broader multimedia, utility, productivity, and personalization tools. A digital risk score was introduced to quantify potential forensic relevance based on the presence of high-risk app categories such as VPN services, anonymization tools, secure messengers, and cryptocurrency platforms. Comparative analysis shows that the first cluster demonstrates substantially higher risk levels, indicating potentially more complex forensic reconstruction scenarios. The study demonstrates that analyzing installed mobile applications enables effective behavioral segmentation, uncovering latent usage patterns and supporting forensic evaluation of digital risk. The proposed methodology offers a scalable approach for integrating application-based analysis into mobile forensics workflows and highlights directions for future work, including expanded datasets, incorporation of temporal usage patterns, and advanced machine-learning models for behavioral interpretation.
Downloads
References
Grispos, G., Glisson, W. B., & Storer, T. (2011). Recovering artefacts from a smartphone used as a remote control for a smart TV. Digital Investigation, 8(3–4), 123–134. https://doi.org/10.1016/j.diin.2011.05.004
Huber, M. (2019). Forensic determination of movement and usage profiles using data from Pokémon GO. International Journal of Digital Crime and Forensics, 11(4), 1–16. https://doi.org/10.4018/IJDCF.2019100101
Alasmary, W., Saeed, M., Alhaidari, F., & Alrasbi, I. (2022). Data usage-based privacy and security issues in mobile app ecosystems. Library Hi Tech, 40(3), 725–747. https://doi.org/10.1108/LHT-05-2021-0164
Agrawal, A., Rahate, P., & Jha, S. (2021). User profiling via application usage pattern on digital devices for behavior analysis. Expert Systems with Applications, 168, 114374. https://doi.org/10.1016/j.eswa.2020.114374
Chih-Chang, K., et al. (2020). A Framework for Estimating Privacy Risk Scores of Mobile Apps. In J. Zhou et al. (Eds.), Secure IT Systems, NordSec 2020, LNCS 12556, 201–218. https://doi.org/10.1007/978-3-030-62974-8_13
Hamed, A., & El-Kharashi, M. W. (2016). Privacy risk assessment and users’ awareness for mobile applications. 2016 11th International Conference on Computer Engineering & Systems (ICCES), 225–232. https://doi.org/10.1109/ICCES.2016.7821992
Belkasoft, Gladyshev, P. (2020). Android system artifacts: Forensic analysis of application usage. Digital Investigation, 33, 200900. https://doi.org/10.1016/j.diin.2020.200900
Petraitytė, M., & Dehghantanha, A. (2017). Mobile phone forensics: An investigative framework based on forensic-by-design principles. Digital Investigation, 21, S96–S105. https://doi.org/10.1016/j.diin.2017.01.012
Spichiger, A., & Adelstein, F. (2025). Argus: A new approach for forensic analysis of apps on mobile devices. Forensic Science International: Digital Investigation, 12(2), 100–117. https://doi.org/10.1016/j.fsidi.2025.301938
Bardhan, I., Garay, J. L., & Paravisini, D. (2025). Digital Forensics Analysis of a Financial Mobile Application. Forensic Science International: Reports, 34, 221–230. https://doi.org/10.1109/ISNCC62547.2024.10758975
Frontiersin team. (2025). Investigating methods for forensic analysis of social media data to detect cyberbullying, fraud, and fake news. Frontiers in Computer Science, 2, 1566513. https://doi.org/10.3389/fcomp.2025.1566513
Par. NSF. (2025). Mobile Application Privacy Risk Assessments from User-authored Scenarios. Privacy Risk Assessment, 11(8), 153–167. https://doi.org/10.5281/zenodo.8026501
Dienlin, T., Johnson, M., & Jiang, Y. (2025). Privacy Relevance and Disclosure Intention in Mobile Apps. Computers in Human Behavior, 130, 107–119. https://doi.org/10.3390/bs15030324
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Тарас Фединишин, Ольга Партика
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
