Mobile devices (MD) are used by mobile cloud computing (MCC) customers users because of their 11 portability and robust connectivity and the ability to house and operate third-party applications 12 (apps). However, the apps installed on a MD may pose data security risks to the MD owner and to 13 other MCC users, especially when the requested permissions include access to sensitive data (e.g., 14 user’s location and contacts). Calculating the risk score of an app or quantifying its potential 15 harmfulness based on user input or on data gathered while the app is actually running may not 16 provide reliable and sufficiently accurate results to avoid harmful consequences. This study 17 develops and evaluates a risk assessment framework for Android-based MDs that does not depend 18 on user input or on actual app behaviour. Rather, an app risk evaluator assigns a risk category to 19 reach resident app based on the app’s classification (benign or malicious) and the app’s risk score. 20 The app classifier (a trained machine learning model) considers the permissions and the intents 21 requested by the app. The apps risk score is calculated by a probabilistic function based on the 22 app’s use of a set of selected dangerous permissions. The results from the testing of an instance of 23 the framework on a MD with real-life resident apps indicated that the proposed security solution 24 was effective and feasible.