Classification and security assessment of Android apps
Abstract
Current mobile platforms pose many privacy risks for users. Android applications (apps) request access to device resources and data, such as storage, GPS location, camera, microphone, SMS, phone identity, and network information. Legitimate mobile apps, advertisements (ads), and malware all require access to mobile resources and data to function properly. Therefore, it is difficult for users to make informed decisions that effectively balance their privacy and app functionality. This study analyzes Android application permissions, ad networks, and their impact on end users' privacy. Dangerous combinations of app permissions and ad networks are used as features in our prediction models to understand the behavior of apps. Our models have a high classification accuracy of 95.9%, considering the real-life imbalance between benign and malicious apps. Our assumption that certain app permissions can be a potential threat to the privacy of end users is confirmed to be one of the most impactful features of our prediction models. Since our study considers the impact of ad networks and malware permissions, it will help end users make more informed decisions about the app permissions they grant and understand that app permissions open doors to more vulnerabilities and that, at some point, benign apps can behave maliciously.
