Abstract
Since more than 96 percent of mobile malware targets the Android platform, various techniques based on static code analysis or dynamic behavior analysis have been proposed to detect malicious apps. As malware is becoming more complicated and stealthy, recent research proposed a promising detection approach that looks for the inconsistency between an app's permissions and its description. In this paper, we first revisit this approach and reveal that using description and permission will lead to many false positives because descriptions often fail to declare all sensitive operations. Then, we propose exploiting an app's privacy policy and its bytecode to enhance the malware detection based on description and permissions. It is non-trivial to automatically analyze privacy policy and perform the cross-verification among these four kinds of software artifacts including, privacy policy, bytecode, description, and permissions. To address these challenging issues, we first propose a novel data flow model for analyzing privacy policy, and then develop a new system, named TAPVerifier, for carrying out investigation of individual software artifacts and conducting the cross-verification. The experimental results show that TAPVerifier can analyze privacy policy with a high accuracy and recall rate. More importantly, integrating privacy policy and bytecode level information can remove up to 59.4 percent false alerts of the state-of-the-art systems, such as AutoCog, CHABADA, etc.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.