Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers

Research Article

Android Market Analysis with Activation Patterns

Download98 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-30244-2_1,
        author={Peter Teufl and Stefan Kraxberger and Clemens Orthacker and G\'{y}nther Lackner and Michael Gissing and Alexander Marsalek and Johannes Leibetseder and Oliver Prevenhueber},
        title={Android Market Analysis with Activation Patterns},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={10},
        keywords={Android Market Activation Patterns Machine Learning Security Permissions Android Malware Anomaly Detection Semantic Search Unsupervised Clustering},
        doi={10.1007/978-3-642-30244-2_1}
    }
    
  • Peter Teufl
    Stefan Kraxberger
    Clemens Orthacker
    Günther Lackner
    Michael Gissing
    Alexander Marsalek
    Johannes Leibetseder
    Oliver Prevenhueber
    Year: 2012
    Android Market Analysis with Activation Patterns
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-30244-2_1
Peter Teufl1,*, Stefan Kraxberger1,*, Clemens Orthacker1,*, Günther Lackner1,*, Michael Gissing1, Alexander Marsalek1, Johannes Leibetseder1, Oliver Prevenhueber1
  • 1: University of Technology Graz
*Contact email: peter.teufl@iaik.tugraz.at, stefan.kraxberger@iaik.tugraz.at, clemens.orthacker@iaik.tugraz.at, guenther.lackner@iaik.tugraz.at

Abstract

The increasing market share of the Android platform is partly caused by a growing number of applications (apps) available on the Android market: by now (January 2011) roughly 200.000. This popularity in combination with the lax market approval process attracts the injection of malicious apps into the market. Android features a fine-grained permission system allowing the user to review the permissions an app requests and grant or deny access to resources prior to installation. In this paper, we extract these security permissions along other metadata of 130.211 apps and apply a new analysis method called Activation Patterns. Thereby, we are able to gain a new understanding of the apps through extracting knowledge about security permissions, their relations and possible anomalies, executing semantic search queries, finding relations between the description and the employed security permissions, or identifying clusters of similar apps. The paper describes the employed method and highlights its benefits in several analysis examples – e.g. screening the market for possible malicious apps that should be further investigated.