App Metadata Research Articles

TDBAMLA: Temporal and dynamic behavior analysis in Android malware using LSTM and attention mechanisms

The increasing ubiquity of Android devices has precipitated a concomitant surge in sophisticated malware attacks, posing critical challenges to cybersecurity infrastructures worldwide. Existing models have achieved significant strides in malware detection but often suffer from high false-positive rates, lower recall, and computational delays, thus demanding a more efficient and accurate system. Current techniques primarily rely on static features and simplistic learning models, leading to inadequate handling of temporal aspects and dynamic behaviors exhibited by advanced malware. These limitations compromise the detection of modern, evasive malware, and impede real-time analysis. This paper introduces a novel framework for Android malware detection that incorporates Temporal and Dynamic Behavior Analysis using Long Short-Term Memory (LSTM) networks and Attention Mechanisms. We further propose development of an efficient Grey Wolf Optimized (GWO) Decision Trees to find the most salient API call patterns associated with malwares. An Iterative Fuzzy Logic (IFL) layer is also deployed before classification to assess the "trustworthiness" of app metadata samples. For Ongoing Learning, we propose use of Deep Q-Networks (DQNs), which helps the reinforcement learning model to adapt more quickly to changes in the threat landscapes. By focusing on crucial system calls and behavioral characteristics in real-time, our model captures the nuanced temporal patterns often exhibited by advanced malwares. Empirical evaluations demonstrate remarkable improvements across multiple performance metrics. Compared to existing models, our approach enhances the precision of malware identification by 8.5 %, accuracy by 5.5 %, and recall by 4.9 %, while also achieving an 8.3 % improvement in the Area Under the Receiver Operating Characteristic Curve (AUC), with higher specificity and a 4.5 % reduction in identification delay. In malware pre-emption tasks, our model outperforms by improving precision by 4.3 %, accuracy by 3.9 %, recall by 4.9 %, AUC by 3.5 %, and increasing specificity by 2.9 %. These gains make our framework highly applicable for real-time detection systems, cloud-based security solutions, and threat intelligence services, thereby contributing to a safer Android ecosystem.

Evaluating mobile applications for estimating soil properties: Quality of current apps, limitations and future directions

The estimation of soil properties is an important factor in agriculture. With the advancement of smartphones and artificial intelligence, estimating soil properties such as the Munsell soil color, pH, soil organic matter and moisture is tangible, alleviating the need for laboratories, which are time-consuming and costly. While there are several smartphone applications available in different app stores that claim to provide this functionality, an evaluation of the limitations and quality is required for these apps. The objective of this study is to identify existing soil property estimation apps, devise a soil apps rating scale to evaluate the functionality along with the software quality characteristics, and provide design guidelines for improving apps of this type. A thorough search was conducted in two prominent app stores: the Google Play and Apple App store. The selected apps were then rated by four individual raters. A total of 337 apps were found in the search and from this list, 32 selected apps were reviewed using the devised app rating scale. The rating scale evaluates the apps against ten sub-scales: app metadata, aesthetics, general app features, performance and efficiency, usability, functionality, subjective quality, transparency, user comments, and the perceived impact of the app on users. The inter-rater and intra-rater reliability are calculated along with the internal consistency of the rating scale to ensure the validity of the results. The evaluation results that returned the highest-ranking mean sub-scales were performance, usability, and aesthetics. Adversely, the lowest-ranging sub-scales were functionality and general features. There was also an evident absence of the functionality to calculate any type of soil properties in all but four of the apps reviewed. Several key design considerations were identified, such as the need for automated estimation of soil properties, an improvement of general features, and the inclusion of a shared soil database.

A Smartphone Physical Activity App for Patients in Alcohol Treatment: Single-Arm Feasibility Trial.

Alcohol use disorder (AUD) is a significant public health concern worldwide. Alcohol consumption is a leading cause of death in the United States and has a significant negative impact on individuals and society. Relapse following treatment is common, and adjunct intervention approaches to improve alcohol outcomes during early recovery continue to be critical. Interventions focused on increasing physical activity (PA) may improve AUD treatment outcomes. Given the ubiquity of smartphones and activity trackers, integrating this technology into a mobile app may be a feasible, acceptable, and scalable approach for increasing PA in individuals with AUD. This study aims to test the Fit&Sober app developed for patients with AUD. The goals of the app were to facilitate self-monitoring of PA engagement and daily mood and alcohol cravings, increase awareness of immediate benefits of PA on mood and cravings, encourage setting and adjusting PA goals, provide resources and increase knowledge for increasing PA, and serve as a resource for alcohol relapse prevention strategies. To preliminarily test the Fit&Sober app, we conducted an open pilot trial of patients with AUD in early recovery (N=22; 13/22, 59% women; mean age 43.6, SD 11.6 years). At the time of hospital admission, participants drank 72% of the days in the last 3 months, averaging 9 drinks per drinking day. The extent to which the Fit&Sober app was feasible and acceptable among patients with AUD during early recovery was examined. Changes in alcohol consumption, PA, anxiety, depression, alcohol craving, and quality of life were also examined after 12 weeks of app use. Participants reported high levels of satisfaction with the Fit&Sober app. App metadata suggested that participants were still using the app approximately 2.5 days per week by the end of the intervention. Pre-post analyses revealed small-to-moderate effects on increase in PA, from a mean of 5784 (SD 2511) steps per day at baseline to 7236 (SD 3130) steps per day at 12 weeks (Cohen d=0.35). Moderate-to-large effects were observed for increases in percentage of abstinent days (Cohen d=2.17) and quality of life (Cohen d=0.58) as well as decreases in anxiety (Cohen d=-0.71) and depression symptoms (Cohen d=-0.58). The Fit&Sober app is an acceptable and feasible approach for increasing PA in patients with AUD during early recovery. A future randomized controlled trial is necessary to determine the efficacy of the Fit&Sober app for long-term maintenance of PA, ancillary mental health, and alcohol outcomes. If the efficacy of the Fit&Sober app could be established, patients with AUD would have a valuable adjunct to traditional alcohol treatment that can be delivered in any setting and at any time, thereby improving the overall health and well-being of this population. ClinicalTrials.gov NCT02958280; https://www.clinicaltrials.gov/ct2/show/NCT02958280.

Evaluating the Adherence of Popular Diet and Nutrition Apps to Evidence-Based Guidelines for Adult Weight Management

ObjectivesTo assess the adherence of popular, commercially available diet and nutrition apps to the Academy of Nutrition and Dietetics’ Adult Weight Management (AWM) guideline recommendations and to discern associations between the guideline adherence and indicators of the perceived popularity of an app among consumers. MethodsA preliminary search for apps was conducted in Apple App Store and Google Play Store using keywords “diet” and “weight loss” in October 2020. Selection criteria screened to only include calorie-tracking apps with greater than 10 million installations, focused on weight management as a primary outcome. Apps addressing other health outcomes, disease management, or specific dietary approaches were excluded. Selected apps were assessed with iPads using a prescribed 7-day dietary intake and collected data were recorded. ResultsThere were no significant correlations between any of the individual recommendation categories and app metadata attributes (app ratings, installations, subscription cost). Greatest recommendation adherence was observed in those corresponding to nutrition intervention (n = 9 recommendations; 65.9%) and monitoring and evaluation categories (n = 2 recommendations; 75%). ConclusionsPopular, commercially available diet and nutrition apps offer limited adherence to expert guideline recommendations for adult weight management. Funding SourcesThe authors of this article disclose no funding source in support of this work.

MapperDroid: Verifying app capabilities from description to permissions and API calls

Android Applications (Apps) are usually accompanied by a text description and a permissions manifest which are expected to describe the app behaviour. However, an app may request or use more permissions than what has been described. Therefore, the permissions declared in the application manifest alone can not be interpreted as the ground truth. Recent literature reported that malicious apps under-report permissions. Such a scenario is a security and privacy risk. In this work, to discover such instances, we establish a correspondence from the application description to the permissions manifest leading to the Android API calls of the app. After experimentation on more than 25,000 random apps from Google Play Store over 19 different Android permissions, we show that a vast majority of apps understate at least one permission. This phenomenon raises data privacy and security concerns due to over-privileged application binaries. The correspondence is of significance because each additional permission corresponds to one or more sensitive or protected API calls made by the app which is not explicitly known to the user. We created a data set for our work which contains app metadata from where different permission sets are obtained. Our approach to detect under-reporting of permissions is scalable with respect to the number of apps.

Smartphone application alerts for early trauma team activation: Millennial technology in healthcare

BackgroundData access through smartphone applications (apps) has reframed procedure and policy in healthcare, but its impact in trauma remains unclear. Citizen is a free app that provides real-time alerts curated from 911 dispatch data. Our primary objective was to determine whether app alerts occurred earlier than recorded times for trauma team activation and emergency department arrival. MethodsTrauma registry entries were extracted from a level one urban trauma center from January 1, 2018 to June 30, 2019 and compared with app metadata from the center catchment area. We matched entries to metadata according to description, date, time, and location then compared metadata timestamps to trauma team activation and emergency department arrival times. We computed percentage of time the app reported traumatic events earlier than trauma team activation or emergency department arrival along with exact binomial 95% confidence interval; median differences between times were presented along with interquartile ranges. ResultsOf 3,684 trauma registry entries, 209 (5.7%) matched app metadata. App alerts were earlier for 96.1% and 96.2% of trauma team activation and emergency department arrival times, respectively, with events reported median 36 (24–53, IQR) minutes earlier than trauma team activation and 32 (25–42, IQR) minutes earlier than emergency department arrival. Registry entries for younger males, motor vehicle-related injuries and penetrating traumas were more likely to match alerts (P < .0001). ConclusionApps like Citizen may provide earlier notification of traumatic events and therefore earlier mobilization of trauma service resources. Earlier notification may translate into improved patient outcomes. Additional studies into the benefit of apps for trauma care are warranted.

Care manager perspectives on integrating an mHealth app system into clinical workflows: A mixed methods study

mHealth can be a valuable means of monitoring symptoms and supporting care for rural patients, but barriers to implementation remain. This study aimed to examine care manager perspectives on the adoption, use and impact of an mHealth system deployed within a pragmatic Collaborative Care trial for rural patients with PTSD and/or Bipolar Disorder. Sixteen care managers at 12 Federally Qualified Health Centers in 3 states participated in semi-structured interviews. Interviews were transcribed, coded, and thematically analyzed using the Unified Theory of Adoption and Use of Technology as a conceptual framework. App metadata was used to assess the frequency of a care manager reported phenomenon, clinically disengaged app use. 4 themes were identified: infrastructural limitations; redundant and incompatible clinical and mHealth workflows; cross platform and web access; and patient engagement and clinically disengaged app use. Most users had a period of consistently submitting symptom measures via the app while disengaged from care for >4 weeks.

Towards using unstructured user input request for malware detection

Privacy analysis techniques for mobile apps are mostly based on system-centric data originating from well-defined system API calls. But these apps may also collect sensitive information via their unstructured input sources that elude privacy analysis. The consequence is that users are unable to determine the extent to which apps may impact on their privacy when downloaded and installed on mobile devices. To this end, we present a privacy analysis framework for unstructured input. Our approach leverages app meta-data descriptions and taxonomy of sensitive information, to identify sensitive unstructured user input. The outcome is an understanding of the level of user privacy risk posed by an app based on its unstructured user input request. Subsequently, we evaluate the usefulness of the unstructured sensitive user input for malware detection. We evaluate our methods using 175K benign apps and 175K malware APKs. The outcome highlights that malicious app detector built on unstructured sensitive user achieve an average balance accuracy of 0.996 demonstrated with Trojan-Banker and Trojan-SMS when the malware family and target applications are known and balanced accuracy of 0.70 with generic malware.

Why Are They Collecting My Data?

Many smartphone apps collect potentially sensitive personal data and send it to cloud servers. However, most mobile users have a poor understanding of why their data is being collected. We present MobiPurpose, a novel technique that can take a network request made by an Android app and then classify the data collection purposes, as one step towards making it possible to explain to non-experts the data disclosure contexts. Our purpose inference works by leveraging two observations: 1) developer naming conventions (e.g., URL paths) of ten offer hints as to data collection purposes, and 2) external knowledge, such as app metadata and information about the domain name, are meaningful cues that can be used to infer the behavior of different traffic requests. MobiPurpose parses each traffic request body into key-value pairs, and infers the data type and data collection purpose of each key-value pair using a combination of supervised learning and text pattern bootstrapping. We evaluated MobiPurpose's effectiveness using a dataset cross-labeled by ten human experts. Our results show that MobiPurpose can predict the data collection purpose with an average precision of 84% (among 19 unique categories).

Spam Mobile Apps

The increased popularity of smartphones has attracted a large number of developers to offer various applications for the different smartphone platforms via the respective app markets. One consequence of this popularity is that the app markets are also becoming populated with spam apps. These spam apps reduce the users’ quality of experience and increase the workload of app market operators to identify these apps and remove them. Spam apps can come in many forms such as apps not having a specific functionality, those having unrelated app descriptions or unrelated keywords, or similar apps being made available several times and across diverse categories. Market operators maintain antispam policies and apps are removed through continuous monitoring. Through a systematic crawl of a popular app market and by identifying apps that were removed over a period of time, we propose a method to detect spam apps solely using app metadata available at the time of publication. We first propose a methodology to manually label a sample of removed apps, according to a set of checkpoint heuristics that reveal the reasons behind removal. This analysis suggests that approximately 35% of the apps being removed are very likely to be spam apps. We then map the identified heuristics to several quantifiable features and show how distinguishing these features are for spam apps. We build an Adaptive Boost classifier for early identification of spam apps using only the metadata of the apps. Our classifier achieves an accuracy of over 95% with precision varying between 85% and 95% and recall varying between 38% and 98%. We further show that a limited number of features, in the range of 10--30, generated from app metadata is sufficient to achieve a satisfactory level of performance. On a set of 180,627 apps that were present at the app market during our crawl, our classifier predicts 2.7% of the apps as potential spam. Finally, we perform additional manual verification and show that human reviewers agree with 82% of our classifier predictions.