
AndRadar: Fast Discovery of Android Applications in Alternative Markets

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2014)

Abstract

Compared to traditional desktop software, Android applications are delivered through software repositories, commonly known as application markets. Other mobile platforms, such as Apple iOS and BlackBerry OS, also use the marketplace model, but what is unique to Android is the existence of a plethora of alternative application markets. This complicates the task of detecting and tracking Android malware. Identifying a malicious application in one particular market is simply not enough, as many instances of this application may exist in other markets. To quantify this phenomenon, we exhaustively crawled 8 markets between June and November 2013. Our findings indicate that alternative markets host a large number of ad-aggressive apps and a non-negligible amount of malware, and that some markets even allow authors to publish known malicious apps without prompt action.

Motivated by these findings, we present AndRadar, a framework for discovering multiple instances of a malicious Android application in a set of alternative application markets. AndRadar scans a set of markets in parallel to discover similar applications. Each lookup takes no more than a few seconds, regardless of the size of the marketplace. Moreover, it is modular, and new markets can be transparently added once the search and download URLs are known.

Using AndRadar, we are able to achieve three goals. First, we can discover malicious applications in alternative markets; second, we can expose app distribution strategies used by malware developers; and third, we can monitor how different markets react to new malware. During a three-month evaluation period, AndRadar tracked over 20,000 apps and recorded more than 1,500 app deletions in 16 markets. Nearly 8% of those deletions were related to apps that were hopping from market to market. The most established markets were able to react and delete new malware within tens of days from the malicious app publication date, while other markets did not react at all.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Lindorfer, M. et al. (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. In: Dietrich, S. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2014. Lecture Notes in Computer Science, vol 8550. Springer, Cham. https://doi.org/10.1007/978-3-319-08509-8_4


  • DOI: https://doi.org/10.1007/978-3-319-08509-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08508-1

  • Online ISBN: 978-3-319-08509-8

  • eBook Packages: Computer Science, Computer Science (R0)
