Entropy-based security risk measurement for Android mobile applications

Abstract

Android as a widest used operating system for smartphones and mobile devices uses permissions to restrict malicious applications (apps). However, malware developers use various social engineering methods to entice users for installing malwares after granting critical permissions by users. Therefore, it is essential to estimate security risks of untrusted Android apps to help users for making better decisions regarding app selection and installation. In this paper, the concept of criticality for Android permissions is precisely defined according to the abuse of permissions by known malwares and their legal usage by useful apps. Based on this definition and analyzing requested permissions of large numbers of malwares and benign apps, a new criterion is proposed to measure the security risks of the apps. This measure benefits from the concepts of entropy and information gain of permissions regarding separating malwares from benign apps. In this criterion, more informative permissions have higher impacts on the computed risk values. In order to evaluate the proposed criterion, two new datasets of recent malicious and non-malicious Android apps have been constructed and analyzed against existing ones. This analysis shows that permission usage patterns of Android apps are changed over the time. Empirical evaluations on recent and previous malwares and benign apps reveal the superiority of the proposed criterion with respect to previously proposed ones in terms of assigning larger risk values to malwares.