Improving the Automatic Identification of Malicious Android Apps in Unofficial Stores through Logo Analysis

The wide diffusion of mobile devices and the ability of users to customize their experience through applications (Apps) is opening to new problems related to privacy, security and data integrity for the mobile ecosystem. Smartphones, in general, and Android devices, in particular, are rapidly becoming emerging threat vectors of cybercrime activities. Unofficial Android markets, especially those with weak controls on published Apps, are the places where frauds may easily start and spread. Hence, the ability to identify and quickly shut down deceptive Apps is of paramount importance in the protection of users, services and infrastructures. Traditional approaches that aim at mitigating the presence of malicious Apps in unofficial markets, are based on crawlers for scanning stores and checking the words used in Apps' description. These methods works very well when the App's title, keywords and description match specific patterns that identify services to protect and the application owner or App's signature do not match expected ones. Unluckily, the performance of such methods reduce sharply when the store adopts a language that is not supported by the recognition system or the App publisher uses misleading words in the App's description. Nevertheless, App publishers always use a logo which is familiar to the user in order to highlight the application and increase the probability that the users install it. In this paper we presents a system that overcomes the limitation of traditional approaches including logo analysis in the process of App recognition. Our contribution is the definition and evaluation of a logo-based complementary system to be used in conjunction with traditional approaches based on word lists checking. The system and the performance of the proposed solution are presented and analyzed in the paper.