Group Permission -based Analysis of Android Mobile Applications for Malware Detection

Abstract:

The main goal of this paper is the introduction of the problem of mobile device protection against malware for the Android platform. The article presents a concept of group malware detection based on the analysis of the installation package. 50 samples of malware were analyzed. For each sample, static and dynamic analyses were carried out. As a result, data were collected about granted permissions, the lowest version of the system on which the application will run, the characteristics of the application code, and network traffic. Moreover, press reports and information about the use and distribution of malicious packets were analyzed. This information allowed us to define the application assessment criteria. The comparison of the most common permissions together with the goal of the application helped to define an effective method for detecting potential threats to the user privacy. In the proposed method, applications are assigned utility groups that define the declared goals of the application. Each group is assigned a list of potentially used permissions. To increase the effectiveness of the security classification, the data about the number of assigned permissions and the level of the privacy threat to the user were also used.  For the purpose of testing the effectiveness of the proposed method, a mobile application has been implemented. From its results, conclusions have been drawn, which show that the proposed method is effective in detecting the abuse of the given consents. However, the user experience should be improved in the next iterations of the work and false-positive cases should be eliminated without significantly changing the performance.