Detecting Malware In Android Stores

We recently publishing a paper in Digital Investigation on the detection of malware within Android marketplaces [here]. For this we analysed marketplaces in China, Russia and Europe, and found a significant number of malware infections on Android apps.

Using the tool designed and implemented in previous sections it was possible to obtain detection data from 9,000 APKs. To begin to analyse the paper’s results, an overall view of the downloaded and scanned APKs is plotted to a pie chart, so to show a realistic proportion of detected applications. As can be deduced from the figure below, analysing a total of nine marketplaces spread through Europe, China and Russia, 64% of the downloaded APKs scanned via VirusTotal result as Negative (or genuine). Only 5% of the total APKs have been detected from more than 5 AVs but it is still circa 450 malicious APKs.

Furthermore, 31% of the total downloaded APKs are still unknown because they have never been uploaded to VirusTotal.At this point, it is important to remember that these statistics are based on AV detections and for this reason, it means that it is not guaranteed that the 64% of the applications are completely safe, although it is more likely…