A Characterization of Malicious Android Applications

Smartphones are becoming pervasive–2010 sales have jumped 55% compared to 2009, and IDC estimates that 269 million units will be sold worldwide in 2010. Smartphone applications (apps) offer a wide range of financial, social, health, scientific, and even military capabilities on the go. However, mobile access to GPS location, camera, Internet, calendar, contacts, and other sensitive information can lead to inadvertent security risks, and this problem is exacerbated by the rapid evolution of smartphone hardware and software platforms. Today, smartphone application developers are largely on their own to ensure that they access sensitive resources safely and that they do not inadvertently allow access by untrusted third parties. Malicious Android apps masquerade as legitimate applications, but use the phone for nefarious purposes, e.g., for financial gains. These malicious apps are able to take advantage of the rapid evolution and developer freedom of the Android market to exploit applications to gather security-sensitive data, enlist the phone into premium services, and more. To effectively thwart malicious apps, their behavior must be further studied and dissected to understand exactly what the specific exploits are, what they do, and what reoccurring patterns and structures these malicious applications use. In this paper we perform such a study, that provides a characterization of the behavior of 12 malicious apps. This study is a step towards recognizing and mitigating the threat posed by malicious Android apps.