Analysis of Malicious Behavior of Android Apps

The proliferation of Android apps has resulted in many malicious apps entering the market and causing significant damage. Robust techniques that determine if an app is malicious are greatly needed. We propose the use of a network-based approach to effectively separate malicious from benign apps, based on a small labeled dataset. The apps in our dataset come from the Google Play Store and have been scanned for malicious behavior using Virus Total to produce a ground truth dataset with labels malicous or benign. The apps in the resulting dataset have been represented using binary feature vectors (where the features represent permissions, intent actions, discriminative APIs, obfuscation signatures, and native code signatures). We have used the feature vectors corresponding to apps to build a weighted network that captures the “closeness” between apps. We propagate labels from the labeled apps to unlabeled apps, and evaluate the effectiveness of the proposed approach using the F1-measure. We have conducted experiments to compare three variants of the label propagation approaches on datasets that include increasingly larger amounts of labeled data. The results have shown that a variant proposed in this study gives the best results overall.

Download Full-text

Real-Time Detection of Malicious Behavior in Android Apps

2016 International Conference on Advanced Cloud and Big Data (CBD) ◽

10.1109/cbd.2016.046 ◽

2016 ◽

Cited By ~ 5

Author(s):

Zhenyu Ni ◽

Ming Yang ◽

Zhen Ling ◽

Jia-Nan Wu ◽

Junzhou Luo

Keyword(s):

Real Time ◽

Android Apps ◽

Malicious Behavior ◽

Real Time Detection

Download Full-text

Tracing or Tracking? A Preliminary Analysis of COVID-19 Outbreak Tracker Apps on Android and User Privacy (Preprint)

10.2196/preprints.19662 ◽

2020 ◽

Author(s):

Alex Akinbi ◽

Ehizojie Ojie

Keyword(s):

Preliminary Analysis ◽

Service Providers ◽

User Participation ◽

Memory Storage ◽

Phone Call ◽

Contact Tracing ◽

Privacy Rights ◽

User Privacy ◽

Android Apps ◽

User Data

BACKGROUND Technology using digital contact tracing apps has the potential to slow the spread of COVID-19 outbreaks by recording proximity events between individuals and alerting people who have been exposed. However, there are concerns about the abuse of user privacy rights as such apps can be repurposed to collect private user data by service providers and governments who like to gather their citizens’ private data. OBJECTIVE The objective of our study was to conduct a preliminary analysis of 34 COVID-19 trackers Android apps used in 29 individual countries to track COVID-19 symptoms, cases, and provide public health information. METHODS We identified each app’s AndroidManifest.xml resource file and examined the dangerous permissions requested by each app. RESULTS The results in this study show 70.5% of the apps request access to user location data, 47% request access to phone activities including the phone number, cellular network information, and the status of any ongoing calls. 44% of the apps request access to read from external memory storage and 2.9% request permission to download files without notification. 17.6% of the apps initiate a phone call without giving the user option to confirm the call. CONCLUSIONS The contributions of this study include a description of these dangerous permissions requested by each app and its effects on user privacy. We discuss principles that must be adopted in the development of future tracking and contact tracing apps to preserve the privacy of users and show transparency which in turn will encourage user participation.

Download Full-text