11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Research Article

How dangerous is your Android app? An evaluation methodology

Download502 downloads
  • @INPROCEEDINGS{10.4108/icst.mobiquitous.2014.257832,
        author={Andrea Atzeni and Tao Su and Madalina Baltatu and Rosalia D'Alessandro and Giovanni Pessiva},
        title={How dangerous is your Android app? An evaluation methodology},
        proceedings={11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services},
        keywords={android app analysis application risk level estimation fuzzy logic algorithm},
  • Andrea Atzeni
    Tao Su
    Madalina Baltatu
    Rosalia D'Alessandro
    Giovanni Pessiva
    Year: 2014
    How dangerous is your Android app? An evaluation methodology
    DOI: 10.4108/icst.mobiquitous.2014.257832
Andrea Atzeni1, Tao Su1,*, Madalina Baltatu2, Rosalia D'Alessandro2, Giovanni Pessiva1
  • 1: Politecnico di Torino
  • 2: Telecom Italia Lab
*Contact email: tao.su@polito.it


In the last decade, we have witnessed an unprecedented increase in the adoption of mobile devices. A substantial number of these devices run on the Android operating system. Android is an open-source operating system based on Linux, which provides a permission-based security model that demands each application to request explicit permissions (approved by the user) before it can be installed to run. However, end users cannot estimate application risk, so the user's decision is almost completely unrelated to the application risk level. Moreover, due to the platform openness and the plethora of available software, dangerous apps (even if not necessarily malware) are now also very common for Android devices. In this paper we propose a new approach and a tool to evaluate the potential risk of Android application packages to help end user security awareness. The tool exploits both static and dynamic analysis techniques. It examines the correlations between app required permissions and the invoked APIs, as well as the contents in the package, and subsequently it uses a dynamic analysis module to confirm the suspicions proposed by static modules. The risk activities detected by analysis modules are then mapped into finer-grained risk categories and further evaluated using the fuzzy logic algorithm. Fuzzy logic aims to deal with uncertainty which arises from the nature of automatic analysis, as not all detected activities intend to cause harm. For the sake of both tech-uninterested and tech-savvy users, the results contain a simple numerical value showing the risk level plus a detailed report of detected activities and their mappings to the risk categories. Finally, we tested our software on a large set of real-world samples, demonstrating its efficiency and showing a reasonable capacity to identify and evaluate the potential risk of application packages, both the benign and the malicious ones.