Abstract
As the most popular platform, Android dominates the mobile device market. To enrich the functions of the phone and make it more useful to users, more and more Android applications have been developed. Unfortunately, a rapidly growing amount of malware targeting the Android platform mingles with the numerous benign applications and hides in almost every market, even the official market Google Play. How to measure and assess the risk of such apps is therefore a pressing concern. In this paper, we propose a novel approach to this problem. First, through empirical analysis of a market-scale dataset, we verify the following fact: for a set of benign applications in the same category, the type and number of permissions they request are in general similar and consistent. Hence, for the benign applications in each category, we can construct a standard permission vector model, which serves as a baseline for measuring and assessing the risk of applications in that category. For a downloaded app, we extract its requested permissions to form a permission vector, whose deviation from the baseline is calculated using Euclidean distance and weighted Euclidean distance. This deviation is then used as a metric to measure and assess the risk of the app. Finally, an experiment on a real-world dataset, consisting of 7737 market apps and 1260 malware samples, is conducted to evaluate our method. The empirical results validate the effectiveness of our approach in helping users understand the risk when they decide to install an app.
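The baseline-and-deviation scheme described above, as an added illustration that is not the paper's own code: the category baseline is taken here as the per-permission request frequency among benign apps, and the sensitivity weights, the permission list and the sample apps are all constructed assumptions, since the abstract does not state the paper's weighting scheme.

```python
import math
from typing import Dict, List, Set

# Constructed permission universe (a small subset of Android's permissions).
PERMISSIONS: List[str] = [
    "INTERNET", "ACCESS_NETWORK_STATE", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "WAKE_LOCK", "SEND_SMS", "READ_CONTACTS",
    "RECEIVE_BOOT_COMPLETED",
]

# Constructed benign apps of one hypothetical category ("weather"); the paper
# builds one such baseline per market category.
BENIGN_WEATHER_APPS: List[Set[str]] = [
    {"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE"},
    {"INTERNET", "ACCESS_COARSE_LOCATION", "ACCESS_NETWORK_STATE"},
    {"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE", "WAKE_LOCK"},
    {"INTERNET", "ACCESS_FINE_LOCATION"},
]

# Assumed sensitivity weights for the weighted distance (illustrative only).
WEIGHTS: Dict[str, float] = {p: 1.0 for p in PERMISSIONS}
WEIGHTS.update({"SEND_SMS": 4.0, "READ_CONTACTS": 3.0, "ACCESS_FINE_LOCATION": 1.5})

# Two constructed apps to score: one typical of the category, one over-privileged.
TYPICAL_APP: Set[str] = {"INTERNET", "ACCESS_FINE_LOCATION", "ACCESS_NETWORK_STATE"}
SUSPICIOUS_APP: Set[str] = TYPICAL_APP | {"SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED"}

def to_vector(requested: Set[str]) -> List[float]:
    """Binary permission vector: 1.0 where the app requests the permission."""
    return [1.0 if p in requested else 0.0 for p in PERMISSIONS]

def baseline_vector(benign_apps: List[Set[str]]) -> List[float]:
    """Standard vector of a category: request frequency of each permission."""
    vectors = [to_vector(app) for app in benign_apps]
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(len(PERMISSIONS))]

def euclidean_deviation(app: Set[str], baseline: List[float]) -> float:
    """Plain Euclidean distance between the app's vector and the baseline."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(to_vector(app), baseline)))

def weighted_deviation(app: Set[str], baseline: List[float]) -> float:
    """Weighted Euclidean distance: sensitive permissions contribute more."""
    return math.sqrt(sum(WEIGHTS[p] * (a - b) ** 2
                         for p, a, b in zip(PERMISSIONS, to_vector(app), baseline)))

if __name__ == "__main__":
    base = baseline_vector(BENIGN_WEATHER_APPS)
    for name, app in (("typical", TYPICAL_APP), ("suspicious", SUSPICIOUS_APP)):
        print(f"{name}: d={euclidean_deviation(app, base):.3f} "
              f"weighted={weighted_deviation(app, base):.3f}")
```

A larger deviation means the app's permission profile strays further from what benign apps in its category normally request, which is the risk signal the abstract describes.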