SIS Research Seminar by SU Mon Kywe

To ensure quality and trustworthiness of mobile apps, Google Play store imposes various developer policies. Once an app is reported for exhibiting policy-violating behaviors, it is removed from the store to protect users. Currently, Google Play store relies on mobile users’ feedbacks to identify policy violations. Our paper takes the first step towards understanding these policy-violating apps. First, we crawl 302 Android apps, which are reported in the Reddit forum by mobile users for policy violations and are later removed from the Google Play store. Second, we perform empirical analysis, which reveals that many violating behaviors have not been studied well by industry or research communities. We discover that 53% of the reported apps are either copying popular apps or violating copy-rights or trademarks of brands. Moreover, 49% of reported apps are violating ads policies by sending push notifications, adding homescreen icon and changing browser settings. Only 8% show malware-like behaviors, such as downloading malicious files to users’ mobile phones. Based on our empirical analysis results, we extract 175 features for differentiating bad apps from benign apps. Our features cover use of brand names and other keywords, third-party libraries, network activities, meta data, permissions, and suspicious API calls originated from third-party libraries. We then apply 10 machine learning classifiers on the extracted features to detect reported bad apps. Our experiment result shows that the best algorithm can detect them with 86.80% true positive rate and 13.6% false positive rate. On the other hand, the same samples of policy violating apps are detected by VirusTotal with true positive rate of 55.63% and false positive rate of 17.48%.

This paper is accepted by the 11th IEEE International Conference on Malicious and Unwanted Software (Malcon 2016).