Michael C. Grace,Yajin Zhou,Qiang Zhang,Shihong Zou,Xuxian Jiang

DOI: https://doi.org/10.1145/2307636.2307663

2012-01-01

Abstract:ABSTRACTSmartphone sales have recently experienced explosive growth. Their popularity also encourages malware authors to penetrate various mobile marketplaces with malicious applications (or apps). These malicious apps hide in the sheer number of other normal apps, which makes their detection challenging. Existing mobile anti-virus software are inadequate in their reactive nature by relying on known malware samples for signature extraction. In this paper, we propose a proactive scheme to spot zero-day Android malware. Without relying on malware samples and their signatures, our scheme is motivated to assess potential security risks posed by these untrusted apps. Specifically, we have developed an automated system called RiskRanker to scalably analyze whether a particular app exhibits dangerous behavior (e.g., launching a root exploit or sending background SMS messages). The output is then used to produce a prioritized list of reduced apps that merit further investigation. When applied to examine 118,318 total apps collected from various Android markets over September and October 2011, our system takes less than four days to process all of them and effectively reports 3281 risky apps. Among these reported apps, we successfully uncovered 718 malware samples (in 29 families) and 322 of them are zero-day (in 11 families). These results demonstrate the efficacy and scalability of RiskRanker to police Android markets of all stripes.

Yiming Jing,Gail-Joon Ahn,Ziming Zhao,Hongxin Hu

DOI: https://doi.org/10.1109/tdsc.2014.2366457

2015-09-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand and mitigate security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users' mobile applications, especially Android applications. RiskMon combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. Furthermore, we demonstrate how RiskMon supports risk mitigation with automated permission revocation. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.

computer science, information systems, software engineering, hardware & architecture

Mahmood Deypir,Toktam Zoughi

DOI: https://doi.org/10.13052/jwe1540-9589.2343

2024-08-08

Journal of Web Engineering

Abstract:The Android operating system has a dominant market for use within a wide range of devices. Along with the widespread growth of the use of the Android system and the development of a huge number of apps for this operating system, new malicious apps are released daily by adversaries, which are difficult to identify and deal with. This is due to them using sophisticated techniques and strikes. Although there are a diverse range of classification models and risk estimation metrics for identifying malware in this operating system, there is still a requirement for more effective approaches in this context. In this paper, we present a new algorithm to calculate the security risk score of Android apps, which can be used to identify malicious apps from benign ones. This algorithm uses a novel technique named twin k-nearest neighbor. In this technique, to estimate the security risk of an unknown app, its nearest neighbors to malicious apps and its nearest neighbors to normal apps are computed separately using an appropriate distance formula. Then, the security risk of the input app can be computed using a simple formulation. In this formulation, the average distances of both k-nearest malicious apps and k-nearest non-malicious apps to the input app are used. In this way, the proposed method can calculate a high security risk for malware and a lower security risk for goodware. Experimental evaluations on real datasets show that the proposed algorithm has better performance over the previously proposed ones in terms of detection rate, precision, recall, and f1-score.

computer science, theory & methods, software engineering

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1007/s11432-016-9072-3

2017-01-01

Abstract:The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-k results over the baseline approach.

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Jing Chen,Chiheng Wang,Kun He,Ziming Zhao,Min Chen,Ruiying Du,Gail-Joon Ahn

DOI: https://doi.org/10.1109/TDSC.2018.2871682

2021-01-01

Abstract:Most of the existing mobile application (app) vetting mechanisms only estimate risks at a coarse-grained level by analyzing app syntax but not semantics. We propose a semantics-aware privacy risk assessment framework (SPRisk), which considers the sensitivity discrepancy of privacy-related factors at semantic level. Our framework can provide qualitative (i.e., risk level) and quantitative (i.e., risk score) assessment results, both of which help users make decisions to install an app or not. Furthermore, to find the reasonable weight distribution of each factor automatically, we exploit a self-learning weight assignment method, which is based on fuzzy clustering and knowledge dependency theory. We implement a prototype system and evaluate the effectiveness of SPRisk with 192,445 normal apps and 7,111 malicious apps. A measurement study further reveals some interesting findings, such as the privacy risk distribution of Google Play Store, the diversity of official and unofficial marketplaces, which provide insights into understanding the seriousness of privacy threat in the Android ecosystem.

Abdullah Ozbay,Kemal Bicakci

DOI: https://doi.org/10.48550/arXiv.2203.10583

2022-03-20

Cryptography and Security

Abstract:Android devices are equipped with many pre-installed applications which have the capability of tracking and monitoring users. Although applications coming pre-installed pose a great danger to user security and privacy, they have received little attention so far among researchers in the field. In this study, we collect a dataset comprising such applications and make it publicly available. Using this dataset, we analyze tracker SDKs, manifest files and the use of cloud services and report our results. We also conduct a user survey to understand concerns and perceptions of users. Last but not least, we present a risk scoring system which assigns scores for smart phones consolidating our findings based on carefully weighted criteria. With this scoring system, users could give their own trust decisions based on the available concise information about the security and privacy impacts of applications pre-installed on their Android devices.

Silvia Lucia Sanna,Diego Soi,Davide Maiorca,Giorgio Fumera,Giorgio Giacinto

2024-06-04

Abstract:Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or cryptography are provided through native C/C++ libraries. These libraries can be affected by common vulnerabilities in C/C++ code (e.g., memory errors such as buffer overflow), through which attackers can read/modify data or execute arbitrary code. The detection and assessment of vulnerabilities in Android native code have only been recently explored by previous research work. In this paper, we propose a fast risk-based approach that provides a risk score related to the native part of an Android application. In this way, before an app is released, the developer can check if the app may contain vulnerabilities in the Native Code and, if present, patch them to publish a more secure application. To this end, we first use fast regular expressions to detect library versions and possible vulnerable functions. Then, we apply scores extracted from a vulnerability database to the analyzed application, thus obtaining a risk score representative of the whole app. We demonstrate the validity of our approach by performing a large-scale analysis on more than $100,000$ applications (but only $40\%$ contained native code) and $15$ popular libraries carrying known vulnerabilities. The attained results show that many applications contain well-known vulnerabilities that miscreants can potentially exploit, posing serious concerns about the security of the whole Android applications landscape.

Cryptography and Security

Ai Gong,Yi Zhong,Weiqin Zou,Yangyang Shi,Chunrong Fang

DOI: https://doi.org/10.1109/qrs51102.2020.00017

2020-01-01

Abstract:With the wide-spread use of Android applications in people’s daily life, it becomes more and more important to timely identify the security problems of these applications. To enrich existing studies in guarding the security and privacy of Android applications, we attempted to predict the security risk levels of Android applications. Specifically, we proposed an approach that incorporated Android code smells into traditional Java code metrics to predict how secure an Android application is. With an evaluation of our technique on 3,680 Android applications, we found that: (1) Android code smells could help improve the performance of security risk prediction of Android applications; (2) By building a Random Forest model based on Android code smells and Java code metrics, we could achieve an Area Under Curve (AUC) of 0.97; (3) Android code smells such as member ignoring method (MIM) and leaking inner class (LIC) have a relatively-large influence on Android security risk prediction, to which developers should pay more attention during their application development.

Bin Pan,Hongxia Guo,Xing You,Li Xu

DOI: https://doi.org/10.4018/jgim.20220701.oa5

2022-08-01

Journal of Global Information Management

Abstract:With the advent of the 5G network era, the convenience of mobile smartphones has become increasingly prominent, the use of mobile applications has become wider and wider, and the number of mobile applications. However, the privacy of mobile applications and the security of users' privacy information are worrying. This article aims to study the ratings of data and machine learning on the privacy security of mobile applications, and uses the experiments in this article to conduct data collection, data analysis, and summary research. This paper experimentally establishes a machine learning model to realize the prediction of privacy scores of Android applications. The establishment of this model is based on the intent of using sensitive permissions in the application and related metadata. It is to create a regression function that can implement the mapping of applications to score . Experimental data shows that the feature vector prediction model can uniquely be used to represent the actual usage and scheme of a system's specific permissions for the application.

information science & library science

Cong Sun,Xinpeng Xu,Yafei Wu,Dongrui Zeng,Gang Tan,Siqi Ma,Peicheng Wang

DOI: https://doi.org/10.48550/arXiv.2112.06146

2023-05-14

Abstract:The misunderstanding and incorrect configurations of cryptographic primitives have exposed severe security vulnerabilities to attackers. Due to the pervasiveness and diversity of cryptographic misuses, a comprehensive and accurate understanding of how cryptographic misuses can undermine the security of an Android app is critical to the subsequent mitigation strategies but also challenging. Although various approaches have been proposed to detect cryptographic misuse in Android apps, studies have yet to focus on estimating the security risks of cryptographic misuse. To address this problem, we present an extensible framework for deciding the threat level of cryptographic misuse in Android apps. Firstly, we propose a general and unified specification for representing cryptographic misuses to make our framework extensible and develop adapters to unify the detection results of the state-of-the-art cryptographic misuse detectors, resulting in an adapter-based detection tool chain for a more comprehensive list of cryptographic misuses. Secondly, we employ a misuse-originating data-flow analysis to connect each cryptographic misuse to a set of data-flow sinks in an app, based on which we propose a quantitative data-flow-driven metric for assessing the overall risk of the app introduced by cryptographic misuses. To make the per-app assessment more useful for app vetting at the app-store level, we apply unsupervised learning to predict and classify the top risky threats to guide more efficient subsequent mitigation. In the experiments on an instantiated implementation of the framework, we evaluate the accuracy of our detection and the effect of data-flow-driven risk assessment of our framework. Our empirical study on over 40,000 apps and the analysis of popular apps reveal important security observations on the real threats of cryptographic misuse in Android apps.

Cryptography and Security

Kumar, Pawan

DOI: https://doi.org/10.1007/s11042-023-18066-y

IF: 2.577

2024-01-18

Multimedia Tools and Applications

Abstract:Security Testing of Android Applications is a difficult issue. Malicious apps are a threat to the Android platform's security. Traditional solutions are insufficient as the volume of malicious applications grows day by day. Android smartphones are now constantly exposed to new malware because of this predicament. Recent studies have demonstrated that machine learning is effective at spotting Android malware.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xiao-Chuan MIAO,Rui WANG,Lei XU,Wei-Feng ZHANG,Bao-Wen XU

DOI: https://doi.org/10.13328/j.cnki.jos.005177

2017-01-01

Abstract:Android system dominates the mobile operating systems at present.Compared with iOS system,Android system is more open and has lots of third-party markets with loose audit mechanism.Therefore,there are more malwares in Android platform.In this paper,an Android security analysis based on sensitive path identification,which includes the static analysis and machine learning methods,is presented.Firstly,since malicious behaviors in malwares have their trigger conditions,the definition of sensitive path is provided.Secondly,a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications.Thirdly,since the sensitive paths cannot be directly used as features,a method is designed to abstract the sensitive paths.Finally,493 applications APK files are collected from Android markets and the existing data sets,such as Google Play,Wandoujia and Drebin,to construct a benchmark.Experiments indicate that the proposed method has higher accuracy (97.97％) than the method based on API-feature (90.47％),and its precision,recall and F-measure are also better than API-feature method.Furthermore,the scale of the APK file has influence to the experiment results,especially in analyzing time (when the APK files are within 0-4MB,the average analyzing time is 89 seconds;and when the files become larger,the time increases significantly).

Pawan Kumar,Sukhdip Singh

DOI: https://doi.org/10.1007/s11042-024-19517-w

IF: 2.577

2024-06-21

Multimedia Tools and Applications

Abstract:An enormous amount of applications that are available for download permits users to enhance the functionality of the devices with brand-new features, which is a significant factor in the growing popularity of smartphones and tablets. In reality, third-party applications for business and entertainment are abundantly available in official stores, with the majority of them being offered for free. However, vulnerable applications may expose private information (such as emails, global GPS location, financial information, and phone contacts). To overcome these issues, the log files are collected for normalizing and selecting the features related to the behaviour and activities using the Min–Max and Recursive Feature Elimination (RFE) based on the MLP. The selected features are learned by using the ensemble learning algorithm, which is a stacking of Bi-directional Long Short Term Memory (Bi-LSTM), Deep Neural Network (DBN) and Radial Basis Functional Network (RBFN) giving the collected learned features from each algorithm to the Meta classifier for predicting the malware. The ensemble learning algorithm then feeds the gathered learned features from each method to the Meta classifier for malware prediction. The suggested strategy protects users' privacy by alerting them when it detects malicious apps and removing them. Accuracy, Precision, Specificity, and Kappa performance measures are assessed and contrasted with the proposed and current models. The proposed model achieved performance metrics values are 99.78%, 99.56%, 99.85% and 98.89%. Thus, the security testing for Android applications based on behaviour and activities using RFE-MLP and Ensemble classifier performs better than the existing model.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Sen Chen,Lingling Fan,Guozhu Meng,Ting Su,Minhui Xue,Yinxing Xue,Yang Liu,Lihua Xu

DOI: https://doi.org/10.48550/arXiv.1805.05236

2020-02-18

Abstract:Mobile banking apps, belonging to the most security-critical app category, render massive and dynamic transactions susceptible to security risks. Given huge potential financial loss caused by vulnerabilities, existing research lacks a comprehensive empirical study on the security risks of global banking apps to provide useful insights and improve the security of banking apps. Since data-related weaknesses in banking apps are critical and may directly cause serious financial loss, this paper first revisits the state-of-the-art available tools and finds that they have limited capability in identifying data-related security weaknesses of banking apps. To complement the capability of existing tools in data-related weakness detection, we propose a three-phase automated security risk assessment system, named AUSERA, which leverages static program analysis techniques and sensitive keyword identification. By leveraging AUSERA, we collect 2,157 weaknesses in 693 real-world banking apps across 83 countries, which we use as a basis to conduct a comprehensive empirical study from different aspects, such as global distribution and weakness evolution during version updates. We find that apps owned by subsidiary banks are always less secure than or equivalent to those owned by parent banks. In addition, we also track the patching of weaknesses and receive much positive feedback from banking entities so as to improve the security of banking apps in practice. To date, we highlight that 21 banks have confirmed the weaknesses we reported. We also exchange insights with 7 banks, such as HSBC in UK and OCBC in Singapore, via in-person or online meetings to help them improve their apps. We hope that the insights developed in this paper will inform the communities about the gaps among multiple stakeholders, including banks, academic researchers, and third-party security companies.

Cryptography and Security

Milda Petraityte,Ali Dehghantanha,Gregory Epiphaniou

DOI: https://doi.org/10.1007/978-3-319-73951-9_11

2018-07-27

Abstract:Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cybersecurity compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

Cryptography and Security

Zhaoxuan Li,Ziming Zhao,Rui Zhang,Haoyang Lu,Wenhao Li,Fan Zhang,Siqi Lu,Rui Xue

DOI: https://doi.org/10.1016/j.comnet.2024.110563

IF: 5.493

2024-01-01

Computer Networks

Abstract:The continuous emergence of malware has threatened to the Android platform and user privacy. With the evolution of the Android system and malware, it is challenging to design a method that can accurately identify the categories of sophisticated malware, including known and unknown families, as well as their obfuscated variants, given that they may be newly emerging and lack available detection knowledge. Although some methods try to use anomaly detection and zero-shot technology to identify unseen applications, they are limited to binary classification or lack the robustness, stability, universality, and interpretability in multi-class identification. To this end, we first propose a generic meta-features mining algorithm, which can discover the potential relationships between samples belonging to the same category. Then we present metaNet, a novel method leveraging meta-features to identify sophisticated Android malware. Specifically, metaNet is mainly powered by four components: (i) mExtractor is a feature collector to obtain the static and dynamic features. (ii) mProcessor is taking unique meta-features of each category from extracted features. (iii) mLearner is a machine learning suite that leverages features and meta-features to design and train a classifier called HSU-Net. (iv) mEnforcer is a flexible deployer that identifies categories of malware families in the real world. We implement a prototype of metaNet with 15K lines of Python code and compare it with state-of-the-art (SOTA) methods. The results show that it can not only achieve superior performance in terms of known families (99.52% of accuracy) and unknown families (99.31% of accuracy trained with 80% known families) for binary classification, but also perform well in multi-class identification, i.e., 99.05% and 93.45% of accuracy for known and unknown families, respectively. Furthermore, we deploy and evaluate metaNet in the real world. It can identify applications over an acceptable time and memory overheads, i.e., average of 11.8s and 56MB per sample with a size of 8MB. Also, the few-shot detection and feature perturbation experiments reflect its robustness and stability benefiting from meta-features. Finally, we collect the traffic of 112 decentralized applications (DApps) belonging to 16 categories, such as finance and health, and evaluated metaNet in DApp identification. The results illustrate its applicability across various tasks. That is, it can accurately classify 94.6% and 81.36% of DApp flows in all-known and 80%-known DApp scenarios, respectively, outperforming the SOTA methods.

Jianlin Xu,Yifan Yu,Zhen Chen,Bin Cao,Wenyu Dong,Yu Guo,Junwei Cao

DOI: https://doi.org/10.1109/tst.2013.6574680

2013-01-01

Tsinghua Science & Technology

Abstract:With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

rahul pandita,xusheng xiao,wei yang,william enck,tao xie

2013-01-01

Abstract:Application markets such as Apple's App Store and Google's Play Store have played an important role in the popularity of smartphones and mobile devices. However, keeping malware out of application markets is an ongoing challenge. While recent work has developed various techniques to determine what applications do, no work has provided a technical approach to answer, what do users expect? In this paper, we present the first step in addressing this challenge. Specifically, we focus on permissions for a given application and examine whether the application description provides any indication for why the application needs a permission. We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description. WHYPER achieves an average precision of 82.8%, and an average recall of 81.5% for three permissions (address book, calendar, and record audio) that protect frequently-used security and privacy sensitive resources. These results demonstrate great promise in using NLP techniques to bridge the semantic gap between user expectations and application functionality, further aiding the risk assessment of mobile applications.

Weixian Yao,Yexuan Li,Weiye Lin,Tianhui Hu,Imran Chowdhury,Rahat Masood,Suranga Seneviratne

DOI: https://doi.org/10.48550/arXiv.2007.03905

2020-07-08

Abstract:Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.

Cryptography and Security