Classifying Android Applications Via System Stats

Android devices continue to dominate the mobile device market. However, ever-increasing reverse engineering capabilities and the ability to repackage apps to include malicious code with relative ease introduce significant challenges for marketplace providers. This research investigates the idea that system stats generated from running apps can be utilized to identify apps. The stats are collected from the host system while apps are running in an Android Virtual Device environment. The dataset comprises 998 repackaged apps, 1,533 malicious apps, and 2,130 normal apps. The results were analyzed using a J48 decision tree and achieved 99% accuracy.