Tal Hadad, Bronislav Sidik, Nir Ofek, Rami Puzis, Lior Rokach
ICISSP, 83-94, 2017
With the increasing number of smartphone users, mobile malware has become a serious threat. Similar to the best practice on personal computers, the users are encouraged to install anti-virus and intrusion detection software on their mobile devices. Nevertheless, their devises are far from being fully protected. Major mobile application distributors, designated stores and marketplaces, inspect the uploaded application with state of the art malware detection tools and remove applications that turned to be malicious. Unfortunately, many malicious applications have a large window of opportunity until they are removed from the marketplace. Meanwhile users install the applications, use them, and leave comments in the respective marketplaces. Occasionally such comments trigger the interest of malware laboratories in inspecting a particular application and thus, speedup its removal from the marketplaces. In this paper, we present a new approach for mining user comments in mobile application marketplaces with a purpose of detecting malicious apps. Two computationally efficient features are suggested and evaluated using data collected from the” Amazon Appstore”. Using these two features, we show that feedback generated by the crowd is effective for detecting malicious applications without the need for downloading them.