Content area
Full Text
Abstract
In this paper, we discuss the possible threat of malware applications on the Android operating system. We describe the Android OS and the general structure of Android applications. We present the current state of virus protection for Android as well as different approaches used in protecting Android from malicious applications. We propose SpyNot, a framework for vetting Android apps for security flaws. This framework relies on data gathered from the Android Market including the category of the application as well as the permissions it is granted. This framework also uses Hadoop, an open source MapReduce tool. SpyNot could be used as part of a tool to support Defense Advanced Research Projects Agency's (DARPA) Transformative Apps [19] to scan Android apps to expose potential security flaws. We present the results, and discuss the implications of our findings.
1. Introduction
With the increased prevalence of smart phones, people are essentially able to carry a small computer in their pocket. They can check their email, browse the Web, and most recently, purchase and install applications onto their device. While this certainly enhances the user experience, it also puts the user at risk of installing malicious software onto their mobile device. Some could argue that there is no reason for malicious applications to exist on mobile devices; however, the information accessible on a user's mobile device could be extremely valuable. Another reason there is potential for an emergence of malicious applications is the massive growth of the smart phone market. The fourth quarter of 2010 saw 101 million smartphones sold to consumers [I]. In fact, a recent study shows that in the fourth quarter of 2010, more smartphones were shipped than PCs [I]. Obviously, protection of some sort will be necessary to curb the potential threat of malware infecting millions of smartphones. Another potential problem is not necessarily malicious applications but personal data security. Applications could be completely legitimate; however, they could be accessing personal information to sell to advertisers. While not necessarily malicious, there are many ethical and moral issues related to this problem, which makes the task of detecting malicious applications on mobile operating systems such as Android extremely difficult. Our approach relies less on analyzing an application in extreme detail, but more on analyzing...