Vulnebdroid: Automated Vulnerability Score Calculator for Android Applications

Nowadays mobile phone users download lots of applications for various purposes like learning, entertainment, businesses, etc. For a naive user, it is very difficult to identify whether the permissions provided to the application at the time of installation are being used properly or not. There are tools available for the detection of android malware but many of them are not open source or give tricky results which are not easily understandable. Various online services like VirusTotal uses the updated anti viruses for computing the malware detection ratio. However, since most of these anti-viruses are based on signature based detection methodology, therefore, it detection can be circumvented by using obfuscation methods. In our work we have implemented VULNEBDROID, an automated light weight obfuscation-tolerant static tool for computing the vulnerability score and assessing the vulnerability level of android applications. To assess the vulnerability, this tool selects the features of the application, like dangerous permissions used; vulnerable functions which can be used in order to misuse the application and can exploit the Application Programming Interface (API) to access the resources. Using this assessment tool, we are able to detect 96% of malicious application as vulnerable either with high or medium degree of vulnerability.