RiskInDroid (Android Risk Index) is an open source tool for quantitative risk analysis of Android applications based on machine learning techniques.
How RiskInDroid works
“A user should be able to quickly assess an app’s risk level by simply looking at RiskInDroid’s output and should be able to easily compare the app’s risk with others,” Gabriel Claudiu Georgiu, RiskInDroid developer, told Help Net Security.
Unlike other tools, RiskInDroid doesn’t just consider the permissions declared in the app’s manifest. It reverse-engineers apps to retrieve the bytecode and then infers, through static analysis, which permissions are being used, extracting four sets of permissions for each app analyzed:
1. Declared permissions – Extracted from the application manifest.
2. Used permissions – Declared and used in bytecode.
3. Ghost permissions – Not declared, but with use in bytecode.
4. Useless permissions – Declared but never used in bytecode.
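The four sets can be derived from two inputs: the manifest and the permissions that static analysis ties to the bytecode. The sketch below is an added example, not RiskInDroid's own code; the manifest, the list of API calls, the small API-to-permission map and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Flashlight"/>
</manifest>"""
# Constructed sample: API calls assumed to have been found in the bytecode.
SAMPLE_API_CALLS = [
    "android.hardware.Camera.open",
    "android.telephony.SmsManager.sendTextMessage",
    "java.lang.String.format",
]
# Illustrative map only (an assumption); a real tool needs a far larger one,
# and any API missing here makes its permission look "useless".
API_PERMISSIONS = {
    "android.hardware.Camera.open": "android.permission.CAMERA",
    "android.telephony.SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
}

def declared_permissions(manifest_xml):
    """Collect permission names from <uses-permission*> manifest elements."""
    # For untrusted manifests, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def permissions_in_bytecode(api_calls):
    """Map observed API calls to the permissions they require."""
    return {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}

def classify(manifest_xml, api_calls):
    """Return the four permission sets described in the article."""
    declared = declared_permissions(manifest_xml)
    in_code = permissions_in_bytecode(api_calls)
    return {
        "declared": declared,
        "used": declared & in_code,     # declared and used in bytecode
        "ghost": in_code - declared,    # used in bytecode, never declared
        "useless": declared - in_code,  # declared, never used in bytecode
    }
```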
“RiskInDroid’s accuracy and reliability were tested on a large dataset consisting of more than 6,000 malware samples and 112,000 applications. We made everything public so that our results could be easily reproduced and verified,” added Georgiu.
Future plans and availability
“There are currently no future versions planned; I just make sure everything works with the latest versions of Python and periodically update the core libraries. Probably the simplest improvement would be to include other features in the analysis. Now only permissions are considered, but we could also consider API calls and URLs that can be extracted through static analysis like we did for permissions,” Georgiu concluded.
RiskInDroid is freely available on GitHub.