Contrasting Permission Patterns between Clean and Malicious Android Applications

  • Veelasha Moonsamy
  • Jia Rong
  • Shaowu Liu
  • Gang Li
  • Lynn Batten
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 127)


The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both required and used permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising of 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.


Android Permission Malware Detection Contrast Mining Permission Pattern 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Orozco, A.: Is Google Acknowledging Android is not Secure? Malwarebytes (June 2013),
  2. 2.
    Gilbert, P., Byung-Gon, C., Landon, P.C., Jaeyeon, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services (MCS 2011), Washington, USA, pp. 21–26 (June 2011)Google Scholar
  3. 3.
    Frank, M., Dong, B., Felt, A.P., Song, D.: Mining permission request patterns from Android and Facebook applications. In: Proceedings of the IEEE International Conference on Data Mining, Brussels, Belgium (ICDM 2012), pp. 1–16 (December 2012),
  4. 4.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: User attention, comprehension and behavior. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2012), Washington, D.C, vol. 3, pp. 1–14 (July 2012)Google Scholar
  5. 5.
    Zhou, Y., Jiang, X.: Dissecting Android malware: Characterization and evolution. In: Proceedings of the IEEE Symposium on Security and Privacy (SP 2012), San Francisco, CA, pp. 95–109 (May 2012)Google Scholar
  6. 6.
    Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of the USENIX Conference on Web Application Development (WebApps 2011), Portland, Oregon, pp. 1–12 (June 2011)Google Scholar
  7. 7.
    Chia, P.H., Yamamoto, Y., Asokan, N.: Is this app safe? a large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web (WWW 2012), Lyon, France, pp. 311–320 (April 2012)Google Scholar
  8. 8.
    International Secure Systems Lab. Andrubis: Analyzing Android binaries, (accessed in May 2012)
  9. 9.
    Open Handset Alliance. Android, (accessed in November 2007)
  10. 10.
    Ableson, F.: Introduction to Android development, (accessed in May 2009)
  11. 11.
    Google. Google play, (accessed in December 2012)
  12. 12.
    Google. Android permissions, (accessed in December 2012)
  13. 13.
    Bartel, A., Klein, J., Monperrus, M., Traon, Y.L.: Automatically securing permission-based software by reducing theattack surface - an application to Android. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Essen, Germany, pp. 274–277 (September 2012)Google Scholar
  14. 14.
    Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P.G., Álvarez, G.: PUMA: Permission usage to detect malware in android. In: Herrero, Á., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 289–298. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    Sahs, J., Khan, L.: A machine learning approach to Android malware detection. In: Proceedings of the European Intelligence and Security Informatics Conference (EISIC 2012), Odense, Denmark, pp. 141–147 (August 2012)Google Scholar
  16. 16.
    Wu, D.J., Mao, C.H., Wei, T.E., Lee, H.M., Wu, K.P.: DroidMat: Android malware detection through manifest and API calls tracing. In: Proceedings of the 2012 Seventh Asia Joint Conference on InformationSecurity (Asia JCIS 2012), Tokyo, Japan, pp. 62–69 (August 2012)Google Scholar
  17. 17.
    Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, You, Get Off of My Market: Detecting Malicious Appsin Official and Alternative Android Markets. In: Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS 2012), San Diego, California, pp. 1–13 (February 2012)Google Scholar
  18. 18.
    Agrawal, R., Imieinski, T., Swami, A.: Mining association rules between sets of items in large databases. In: Buneman, P., Jajodia, S. (eds.) Proceedings of the ACM SIGMOD International Conference on the Managementof Data, Washington, DC, pp. 207–216. ACM Press (1993)Google Scholar
  19. 19.
    Liu, S., Law, R., Rong, J., Li, G., Hall, J.: Analyzing changes in hotel customers’ expectations by trip mode. International Journal of Hospitality Management (2012) (in press)Google Scholar
  20. 20.
    Rong, J., Vu, H.Q., Law, R., Li, G.: A behavioral analysis of web sharers and browsers inhong kong using targeted association rule mining. Tourism Management 33(4), 731–740 (2012), CrossRefGoogle Scholar
  21. 21.
    Law, R., Rong, R., Vu, H.Q., Li, G., Lee, H.A.: Identifying changes and trends in hong kong outbound tourism. Tourism Management 32(5), 1106–1114 (2011)CrossRefGoogle Scholar
  22. 22.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the ACM Conference and Communications Security (CCS 2011), Chicago, USA, pp. 627–638 (October 2011)Google Scholar
  23. 23.
    F-Secure. Trojan:android/droidkungfu.c, (accessed in January 2013)
  24. 24.
    Android Developer. Location strategies, (accessed in January 2013)
  25. 25.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), Washington, USA, pp. 239–252 (June 2011)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013

Authors and Affiliations

  • Veelasha Moonsamy
    • 1
  • Jia Rong
    • 1
  • Shaowu Liu
    • 1
  • Gang Li
    • 1
  • Lynn Batten
    • 1
  1. 1.School of Information TechnologyDeakin UniversityAustralia

Personalised recommendations