This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Smartphone usage in the world is increasing day by day. People nowadays prefer smartphones over PCs, and 2011 reports prove this fact. Security is the biggest problem smartphones are facing, and research is ongoing to make smartphones more and more secure. In this project we are making an Android application which will detect and kill all malicious activities carried out in the background without the consent of the user.
Cyber criminals have continued to focus on the Android operating system for smartphones, as Android is becoming the dominant platform of mobile computing (75% market share worldwide, see Table 2.1) according to the latest reports. Android users are tricked into downloading malware which not only steals their personal information but also downloads and installs other applications without their knowledge.
To maximize security for Android phones, we are making an application which will help the user detect and kill any sort of malicious activity carried out in the background. The Android OS allows the user to install applications from anywhere, and this proves to be an advantage for cyber-crooks. Sometimes when the user installs an application, hidden malicious code is also downloaded, which keeps running in the background, affecting battery life and stealing the user's personal information, while the user is unaware of all these malicious activities. Our application runs in the background and will first detect all running applications, then detect all those applications which are connected to the network (exchanging data), and finally detect and remove the hidden malicious code found in any of those applications. This will not only secure the user's data but will also improve the battery life and performance of the mobile phone.
We will use detection techniques such as signature-based checking, anomaly checking, behavior checking, and integrity checking in order to detect the malicious code.
CHAPTER 1: INTRODUCTION
In recent years, mobile phones have evolved from supporting telephonic functions to supporting multiple features, ranging from capturing and playing digital media to e-mail access, e-banking, and remote access to personal files. As the capability of mobile phones increases, the threat of malicious code targeting them is also increasing. It is widely believed that the evolution of malware for mobile devices will take a similar direction to the evolution of PC malware. Many operations involving sensitive data transfer, such as financial transactions and online buying and selling of goods, are being done extensively through mobile devices. Mobile devices are easy targets for malware because they are well connected, incorporating various means of wireless communication. Similar to PCs, mobile devices are capable of Internet access for web browsing and email. They can also communicate by wireless LAN, short-range Bluetooth connectivity, and short/multimedia messaging service (SMS/MMS).
Android is the leading mobile operating system in the world, holding most of the market share (68% as of August 2012). It is open source and allows users to use their phones freely with no restrictions. As the usage of the Android OS increases, the security problems also increase. While applications are being downloaded, hidden malicious code is sometimes downloaded as well without the user's knowledge, which not only affects the mobile's performance but also steals the user's personal information and data.
There has been explosive growth of the Android OS in the last couple of years, and it is expected to keep increasing with time. Android already leads in market share all over the world and its numbers keep increasing with each passing day. The biggest problem so far for Android users is that different types of malware steal personal data from their phones without their knowledge and also affect mobile performance, such as battery life and memory usage; many survey reports prove this fact. So there is a massive need for a good security application which detects and kills malicious activity on the system. Many applications were introduced as a solution, but none of them proved to be effective because they used the signature-based detection method, which went out of style years ago.
Android applications are increasing day by day, and with them the amount of malware grows daily, as most users do not know that the app they are using is actually malware. Even the Android Market contains applications that carry malware, and unfortunately there is no check for this kind of application.
With the passage of time more and more methods are invented to attack Android devices, and it is becoming difficult for developers to detect each of these attacks. There are some techniques which we will be using in our application and which help us detect this kind of malicious activity.
Signature-based detection is a popular technique based on searching for previously defined virus signatures in input files. Signature detection has the advantage of detecting malicious activity before the system is infected by the malicious code.
Behavior checking is another popular technique, based on a behavior checker that resides in memory looking for unusual behavior. In this case, the user is alerted about the misbehaving application. A behavior checker has the disadvantage that by the time a malicious activity is detected, some changes have already been made to the system.
Integrity checking is a technique that maintains a log of all the files that are present in the system. The log may contain characteristics of files such as the file size, date/time stamp and a checksum. Every time an integrity checker is run, it checks the files on the system and compares them with the characteristics it had saved earlier.
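An integrity checker of the kind described above, as an added example that is not part of the original essay or project: it logs size, timestamp and SHA-256 checksum for every file under a directory and compares two logs. The file names and contents are constructed; the demo includes a change that preserves size and timestamp, which only the checksum reveals.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Log size, modification time and SHA-256 checksum of every file under root."""
    root = Path(root)
    log = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            st = path.stat()
            log[path.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            }
    return log


def compare(baseline, current):
    """Classify the differences between an earlier log and a fresh one."""
    report = {"added": [], "removed": [], "modified": [], "touched": []}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report["added"].append(name)
        elif new is None:
            report["removed"].append(name)
        elif old["sha256"] != new["sha256"]:
            report["modified"].append(name)      # content changed
        elif old["mtime_ns"] != new["mtime_ns"]:
            report["touched"].append(name)       # same content, new timestamp
    return report


def demo():
    """Build a constructed file tree, change it four ways, and run the checker."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "app/classes.dex": b"original code",
            "app/res.txt": b"strings",
            "lib/old.so": b"native library",
        }
        for name, data in files.items():
            target = root / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        baseline = snapshot(root)

        # 1. Same-length overwrite with the old timestamp restored.
        dex = root / "app/classes.dex"
        st = dex.stat()
        dex.write_bytes(b"tampered code")
        os.utime(dex, ns=(st.st_atime_ns, st.st_mtime_ns))
        # 2. Timestamp change only.
        res = root / "app/res.txt"
        rs = res.stat()
        os.utime(res, ns=(rs.st_atime_ns, rs.st_mtime_ns + 5_000_000_000))
        # 3. Deleted file and 4. new file.
        (root / "lib/old.so").unlink()
        (root / "app/extra.bin").write_bytes(b"new file")

        current = snapshot(root)
        report = compare(baseline, current)
        # Files a size-and-timestamp-only comparison would have missed.
        missed_without_checksum = [
            name for name in report["modified"]
            if baseline[name]["size"] == current[name]["size"]
            and baseline[name]["mtime_ns"] == current[name]["mtime_ns"]
        ]
        return report, missed_without_checksum


if __name__ == "__main__":
    print(demo())
```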
Anomaly detection is done by a remote anomaly detection system. Each smartphone acts as a client, sending a set of features, extracted by learning various measurements of the resources, hardware and software components, to the remote anomaly detection system, where these features are stored in a database. The database is accessed by detection units which analyze the data for malicious activity.
Security is the biggest concern these days in the smartphone industry. With each passing day the number of cyber-attacks on mobile phones is increasing, due to which users face a lot of trouble.
Improved Mobile Performance
A lot of Android users complain that the battery life of their phones is not up to the mark; this is because of hidden malicious activities that are carried out in the background and are invisible to the user.
The year 2011 was full of cyber-attacks on Android phones, and this has continued this year as well. Research is ongoing to provide more and more security to Android phones.
As Android is the leading operating system in mobiles, holding most of the market share, the need to make it more and more secure is increasing every day. Many antivirus products for Android phones have been produced, but none of them has proved to be effective; rather, they reduced the performance of mobile phones.
The demand for Android developers in the market is increasing day by day and will last for quite a long time. By working on this project there is a lot for us to learn, both in development and in the research field.
AIMS AND OBJECTIVES
Our aim in this project is to provide maximum security for Android phones. Security issues are a great threat to mobile users as they store their personal information on their phones. We are targeting internal attacks on Android phones, and our application will detect and kill applications which contain any sort of malicious code.
Observe running applications
Detect applications exchanging data over network
Detect any malicious activity
CHAPTER 2: RELATED WORK
2.1 RELATED WORK
As the Android OS grows rapidly with time, Android malware is also increasing, and the latest reports are shown in Figure 2.1. Mobile security companies are making sure that consumers are aware and that they would like them to be concerned. A survey report from summer 2012 mentions that over 40 Android security applications were tested and only 7 had a malware detection rate of over 90%. As the number of Android applications and daily Android activations are growing by record numbers, it is easy to believe that these reports of malware detection would increase.
A company by the name of AV-TEST has taken this growth in Android security applications quite seriously and has published a rather large report on which of them are actually effective. After looking at over 40, they were left with the following seven applications, which were the only ones able to catch over 90% of malware loaded onto test devices. Following are those seven applications.
2.1.1 Problems with current Android Security Apps
The problem with many Android security apps or antivirus programs is that they use signature-based tracking to identify viruses and malware. Signature-based tracking went out of style years ago among PC antivirus software companies because hackers kept finding ways around it. With signature-based defense, the antivirus software relies on a database of virus "signatures" and protects users when it identifies such a signature running on their computer. This technique is good to some extent, but due to the massive increase in the production of malware on a regular basis it cannot provide the kind of security required by the system. Android security applications or antivirus programs are not simply choosing antiquated methods. Instead, they are forced to use signature-based antivirus tracking because any other type of tracking would require root access to the system. So, when malware tries to modify core system files or affect other vital parts of the Android device, existing security applications cannot recognize that because they are not able to access the 'root' of the system. As a result, leading Android security companies offer rooted versions of their applications that are more powerful than the non-rooted versions. For example, companies like Avast have added a firewall function to the rooted version of their app.
No security application can claim to be 100% effective, and that rule remains true for Android devices. And that is why security on our favorite mobile operating system is still an issue.
Figure : Increase in Android Malwares since January 2008 till October 2012
2.2 RESEARCH PAPERS LITERATURE
Detecting Android Malware on Network Level
This paper describes approaches to detect Android malware on the network level. It begins by describing the evolution of the Android OS into the leader of the smartphone industry. It was found that over 190 million Android devices had been activated by the start of 2012, and the numbers are expected to increase further. As Android users can install an application from various sources like the Google Play Store, third-party app stores, or by directly downloading and installing APK files, the possibility of malware being present on the device is very large, and most users remain unaware that their personal data and information is being stolen. The paper then mentions related work: the company Dasient performed automated analysis on 10,000 Android applications from the Google Android marketplace, and of those 10,000 applications, 8.4% were found to leak the International Mobile Equipment Identifier (IMEI) from the device. Efforts to detect Android malware through dynamic analysis are being made by DroidBox. The paper then describes the new technique of detecting malware on the network level by analyzing network packets. Their analysis of packet traces focuses on finding information leakage in HTTP traces and identifying connection attempts to command and control (C&C) server DNS names and IP addresses. Conversations containing IMEI, phone number or credit card information were tracked, as well as unexpected binary downloads; if no abnormalities are detected, the packet dump is compared manually to a dump generated by the uninfected VM template image.
Most malware on Android devices uses very basic communication techniques, specifically static C&C server addresses and plain-text transmission of data. Preliminary results show that the presented detection techniques are viable, but large-scale testing is required to determine real-world performance.
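A sketch of the HTTP-trace checks summarized above (leaked identifiers and contact with static C&C addresses), added here as an example and not taken from the reviewed paper or from this project. The device values, host names and trace are constructed; matching MD5/SHA-1 digests of identifiers and the Luhn filter for card numbers go beyond what the summary attributes to the paper.

```python
import hashlib
import re
from urllib.parse import unquote_plus

# Constructed values (assumptions): a test device and a static C&C blocklist.
DEVICE = {"imei": "490154203237518", "phone": "+15550100123"}
CNC_HOSTS = {"cnc.example.net", "203.0.113.7"}
IMEI_MD5 = hashlib.md5(DEVICE["imei"].encode()).hexdigest()

# Constructed HTTP requests as (destination host, request text).
TRACE = [
    ("ads.example.com", "GET /track?id=490154203237518&v=2 HTTP/1.1"),
    ("cnc.example.net", "POST /gate HTTP/1.1\r\n\r\nnum=%2B15550100123"),
    ("stats.example.org", "GET /c?h=" + IMEI_MD5 + " HTTP/1.1"),
    ("shop.example.com", "POST /pay HTTP/1.1\r\n\r\ncard=4111+1111+1111+1111"),
    ("cdn.example.com", "GET /img/logo.png HTTP/1.1"),
]

# 13 to 19 digits, optionally separated, not embedded in a longer token.
CARD_CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z])\d(?:[ -]?\d){12,18}(?![0-9A-Za-z])"
)


def luhn_ok(digits):
    """Luhn checksum, used by payment card numbers and also by IMEIs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def identifier_forms(value):
    """Forms in which an identifier may appear on the wire."""
    raw = value.encode()
    return {
        "plain": value.lower(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
    }


def scan_request(host, payload, device=DEVICE, cnc_hosts=CNC_HOSTS):
    """Return sorted (kind, detail) findings for one request."""
    findings = set()
    if host.lower() in cnc_hosts:
        findings.add(("cnc-host", host.lower()))
    # Inspect the payload as sent and after URL/form decoding.
    haystacks = {payload.lower(), unquote_plus(payload).lower()}
    for name, value in device.items():
        for form, needle in identifier_forms(value).items():
            if any(needle in h for h in haystacks):
                findings.add((name, form))
    # An IMEI passes the Luhn check too, so known identifiers are excluded
    # before a digit run is reported as a possible card number.
    known = {re.sub(r"\D", "", v) for v in device.values()}
    for h in haystacks:
        for match in CARD_CANDIDATE.findall(h):
            digits = re.sub(r"\D", "", match)
            if digits not in known and luhn_ok(digits):
                findings.add(("card", "luhn-valid"))
    return sorted(findings)


def scan_trace(trace, device=DEVICE, cnc_hosts=CNC_HOSTS):
    """Return (host, findings) for every request that raised a finding."""
    flagged = []
    for host, payload in trace:
        findings = scan_request(host, payload, device, cnc_hosts)
        if findings:
            flagged.append((host, findings))
    return flagged


if __name__ == "__main__":
    for host, findings in scan_trace(TRACE):
        print(host, findings)
```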
Understanding Android Security
This article gives a brief introduction to Android application development and points out security issues that developers have to be aware of, such as using explicit Intents whenever possible. The beginning of the article describes how Android has become the leader of the smartphone market in such a short time, as shown in Figure 2.2. Some of the essential features of the Android OS are explained in the article, like synchronization of contacts and calendar information and adapting other social networking functions. The article attempts to unmask the complexity of Android security and note some possible development pitfalls that occur when defining an application's security. It then explains the framework of an Android application. The Android application framework forces a structure on developers. It does not have a main function or a single entry point for execution; instead, developers must design applications in terms of components. Android defines four types of component: (i) Activity components (define the application user interface), (ii) Service components (perform background processing), (iii) Content provider components (store and share data using a relational database interface), (iv) Broadcast receiver components (act as mailboxes for messages from other applications). The article further explains component interaction using intents and intent filters and their potential issues, and explains how to set access permission labels via the manifest. It is also mentioned that Android protects applications and data through a combination of two enforcement mechanisms, one at the system level and the other at the ICC level. Android's security framework is based on label-oriented ICC mediation. The article further describes permission protection levels such as normal, dangerous, signature and signatureOrSystem, using their own application called 'Friend Tracker'.
Crowdroid: Behavior-Based Malware Detection System for Android
The paper begins by describing how malware for mobile phones is increasing every day, after having threatened PCs for so many years. A short survey of the growth of Android smartphones is shown in Table 2.1. Security problems in Android are increasing every day and no reliable solution is available so far. According to Juniper Networks, their Global Threat Center found a 400% increase in Android malware since summer 2010, and some of the most common malware families are "Fake Player", "Geinimi", "PJApps" and "HongToutou". So far two approaches have been proposed for the analysis and detection of malware: static analysis and dynamic analysis. Static analysis, mostly used by antivirus companies, is based on inspection of source code or binaries, looking for suspicious patterns. Dynamic analysis, on the other hand, involves running the sample in a controlled and isolated environment in order to analyze its execution traces. In this paper they introduce a new framework, "Behavior Based Malware Detection", for detecting malicious applications. Since the security tools and mechanisms used in computers are not feasible on smartphones due to excessive resource consumption and battery depletion, they decided to perform the whole analysis process on a dedicated remote server which is used exclusively to collect information and detect malicious and suspicious applications on the Android platform. They have also developed their own client, "Crowdroid", which is available in the Android Market. With the help of the Android user community, it will be capable of distinguishing between benign and malicious applications of the same name and detecting anomalous behavior of known applications. Keeping in view the success rate of previous detection methods, they concluded that monitoring system calls is one of the most accurate techniques to determine the behavior of Android applications.
After various experiments they report that it is possible to obtain behavior information using artificially created user actions, or by creating replicas of smartphones, but crowdsourcing helps the community to obtain real application traces of hundreds of applications.
Permission Usage To Detect Malware in Android
Smartphones are becoming more popular and the number of applications available to users is also increasing at a very high pace. Threat of malicious applications is also increasing even though Apple's App Store and Google's Play Store. Apple applies a rigorous review process made by at least two reviewers. Google's Android relies on a permission system which enables users to view the number of permissions an application requires to work on their device; using this information they can know what type of application they are downloading. Unfortunately this does not help much in protecting people from malicious applications, as most users don't even check the permission list before downloading applications. Both Apple and Google have included clauses in their terms of service that urge developers not to submit malicious software; still, both have hosted malware in their stores. Both are developing different techniques to stop developers from posting malicious applications on their stores. Applications are divided into two main categories. The benign software dataset is built by selecting different types of applications like widgets, web apps and native applications; all the safe applications are included in this category. The malicious software dataset includes a sample of malicious software. Android applications require the permission of the user before being installed on the system, so the study analyzed the following features: "uses-permission", the tag under which the permissions that the application needs to work are defined; and "uses-feature", which shows which features of the device the application uses. Most malicious applications use the same types of permissions that benign apps use, so finding the malicious app is a little difficult. It is found that only 1 permission is required for the application to behave maliciously; there is a low chance of them having 2 or 3.
A machine learning method has been used to distinguish between benign and malicious applications. The WEKA tool is used in this process, with the k-fold cross-validation technique. A correct number of false positives and negatives are also calculated. A correct threat detecting probability is known by this step. The overall conclusion of this article is that permissions are the most recognizable security feature in Android. The user must accept them in order to install the application. For validation of the proposed process 239 malware samples were used. Still, this method is more static than dynamic, and research is ongoing on this technique.
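Extracting the two manifest features named above into the binary attributes a WEKA classifier would consume (ARFF format), as an added example that is not the paper's code. The manifests and class labels are constructed and are assumed to be already decoded to text XML, since inside an APK the manifest is stored as binary XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed, already-decoded AndroidManifest.xml documents (not real apps).
MANIFESTS = {
    "flashlight": """<manifest
        xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.flashlight">
      <uses-permission android:name="android.permission.CAMERA"/>
      <uses-feature android:name="android.hardware.camera.flash"/>
    </manifest>""",
    "sms_game": """<manifest
        xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.game">
      <uses-permission android:name="android.permission.INTERNET"/>
      <uses-permission android:name="android.permission.READ_CONTACTS"/>
      <uses-permission android:name="android.permission.SEND_SMS"/>
      <uses-feature android:name="android.hardware.touchscreen"/>
    </manifest>""",
}
# Constructed class labels for the two samples above.
LABELS = {"flashlight": "benign", "sms_game": "malware"}


def manifest_features(xml_text):
    """Return the set of uses-permission / uses-feature names in a manifest."""
    root = ET.fromstring(xml_text)
    features = set()
    for tag in ("uses-permission", "uses-feature"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:                      # skip malformed entries without a name
                features.add(f"{tag}:{name}")
    return features


def feature_matrix(manifests):
    """Build a shared vocabulary and one 0/1 vector per application."""
    per_app = {app: manifest_features(x) for app, x in manifests.items()}
    vocabulary = sorted(set().union(*per_app.values()))
    rows = {
        app: [int(feature in found) for feature in vocabulary]
        for app, found in per_app.items()
    }
    return vocabulary, rows


def to_arff(vocabulary, rows, labels, relation="android_permissions"):
    """Serialize the matrix as ARFF text with a nominal class attribute."""
    lines = [f"@relation {relation}", ""]
    lines += [f"@attribute '{name}' {{0,1}}" for name in vocabulary]
    lines += ["@attribute class {benign,malware}", "", "@data"]
    for app, vector in rows.items():
        lines.append(",".join(map(str, vector)) + "," + labels[app])
    return "\n".join(lines)


if __name__ == "__main__":
    vocab, matrix = feature_matrix(MANIFESTS)
    print(to_arff(vocab, matrix, LABELS))
```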
A Review of Malicious Code Detection Techniques for Android Devices
The number of mobile phones in the world is rising at a very high rate. Smartphones are becoming more popular as time passes. Smartphones can use networks such as Wi-Fi, Bluetooth and GSM services for different tasks. Most people are connected to the internet through their smartphones and perform many of their daily tasks on their phone instead of a PC. Many operations involving sensitive data transfer, such as financial transactions and online buying and selling of goods, are being done extensively through these devices. They are easy targets for malware because they are well connected, incorporating various means of wireless communication. Malware can affect devices in different ways, some of which follow. Theft of data: hackers can often attack mobile devices to obtain transient and static information. Transient information is related to the location of the device, power and other data usage. Static information is the data exchanged over the network. Phone hijacking: phones can be hijacked and used to send expensive SMS or to listen to calls being made by the user. Denial of Service (DoS) attacks are also a threat to mobile devices, as hackers can flood the device and cause the battery to drain by sending corrupt packets through Bluetooth or Wi-Fi. Many Trojans, worms and viruses have entered the mobile world and have affected devices during the past years. There are mainly three approaches to detect malicious code. Signature-based detection is based on the history of previously defined viruses, so it runs in the system searching for the virus before it even starts affecting the device. It has the drawback that it only has information about past virus definitions, so the latest viruses are safe from it. Behavior checking refers to an application that resides in the memory of the device and keeps checking the applications for unusual behavior.
The integrity checker keeps a log of the applications already present in the system, and whenever the checker runs it compares the old log with a new one. These basic techniques can be enhanced to improve performance and security.
A study on the system for detect malware that disclose privacy information via the Android App Store
At the beginning a short survey of the growth of Android smartphones is shown. Android smartphones are growing, and Irish Research Company has published that more than 80% of smartphone users were using the Android operating system in 2012. Similarly, with the evolution of the Android operating system, malicious code is also growing, and personal data like contacts, messages and financial information is in danger. Malicious code increased by 800% from February 2011 to May 2011. Android-based malicious code is spreading through different kinds of media. Applications share personal information through the web, Bluetooth, WiFi, etc. The paper says that this is a secondary crime called phishing, which can be detected using the signature method. In the signature method phishing can be detected by updating patterns, but this can be done only after the unusual activity has been performed and checked. To overcome this, another technique is mentioned by the name of heuristic detection, which detects variants of malicious code; still, this technique cannot detect unknown malicious code. Unknown malicious code can be detected by analyzing the APIs (shown in Figure 2.4) and the manifest, by analyzing the libraries used by the application, and by doing dynamic analysis. Malicious code must be studied before it can be detected, and malicious code is more diverse on the Android operating system than in the desktop computer environment. The paper analyzes malicious code distribution paths and shows that the most common distribution path is the Google Play Store. Other distribution paths include Bluetooth, WAP/Web and others.
Many applications are being uploaded to the app store, and the paper proposes a technique for inspecting an application during the registration process; if any malicious code is found, the application should not be uploaded to the Android Market. We, however, are focusing on detection inside the mobile, and this can be done by analyzing the APIs and library paths (shown in Table 2.2) of the applications on which our priority is high. Functions like access to IME data, Wi-Fi information and access to location, and their APIs, are mentioned in this paper (Table 2.3) and can be used for the detection of malicious code. They tested some applications which contain known and unknown malicious code, including Twalktupi, SMSReplicator, InfoStealer, Pirater, Imlog, and Geinimi. These applications were reading the user's personal information and web link information and sending them. These applications had permission to access the internet and other permissions to access the personal data of the user. In the end we conclude that rather than checking on the Android Market at the time of registration, we can use the same methodology inside the mobile: by using the APIs and their functions and the library paths and their functions shown in this paper, we can detect applications containing malicious code.
Table 2.1: Android market share till September 2012
Table 2.2: Information leakage and malicious activity related Android Library Paths
Table 2.3: Information leakage and malicious activity related Android API
Malware on G-Fan App Market
Over 500,000 apps are infected in the market of China. They are Android operating system users. An application called SMSzombie was downloaded by more than 500,000 users, and their money was stolen by reading the account details they had given to buy gaming applications on a Chinese third-party application store called the G-Fan App market. This case was noticed on August 20, 2012. The thing to notice is that this kind of malicious code can even steal your financial property. There is still no security on the application level.
CHAPTER 3: REQUIREMENT SPECIFICATION
This document is designed for the malicious code detection which is divided into several phases.
The purpose of this project is to provide maximum security for the private data of Android smartphone users. Private data means the user's personal data, such as messages, contacts and links that have been or are being used by the user. The other purpose is to make the Android system more efficient by closing unusual activities to free resources. Resources like RAM and battery should be used efficiently. This may bring the user's smartphone to a level where it delivers better performance.
The threat of malware is increasing in the Android world, so there is a need for applications that will prevent malicious applications from invading user privacy. When completed, our product will be able to detect malicious apps that are running on the device and stop them. It will keep track of the apps that have a malicious signature and may perform a malicious activity. It will make sure that the user's privacy is preserved.
3.1.3 Definitions, Acronyms, and Abbreviations
SDK: A "software development kit" is typically a set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform.
IDE: An "integrated development environment" (IDE) is a software application that provides comprehensive facilities to computer programmers for software development. An IDE normally consists of a source code editor, build automation tools and a debugger.
MCD: "Malicious Code Detector" is the name of the application that we are going to build for Android smartphones.
RAM: "Random-access memory" (RAM) is a form of computer data storage. A random-access device allows stored data to be accessed in very nearly the same amount of time for any storage location, so data can be accessed quickly in any random order.
Malware: Malware, short for malicious (or malevolent) software, is software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
DroidBox: An open source project utilizing Google's Android Virtual Device to log Android application behavior.
ICC: Inter component communication.
Rooted Device: A device that has been rooted, giving the user superuser functionality and every type of access to the system files.
This part of the document focuses on the functionality of the product. All aspects of malicious code detection are covered in this topic. All the interfaces are explained in detail, including user, hardware and software interfaces. Functional and non-functional requirements are also explained in this section.
3.2 Product Perspective
3.2.1 User Interfaces
This is a mobile application and all the details will be shown to the user on the front end of the mobile screen.
3.2.2 Hardware Interfaces
A mobile system with a reasonable amount of RAM would be required to give fast results.
3.2.3 Software Interfaces
The software interfaces used to develop the system are the Android SDK and the JDK.
3.2.4 Product Overview
The basic goal of our application, 'Malicious Code Detector', is to provide maximum security to Android phone users and enhance the performance of the mobile phone. The user first starts the application; it then detects the number of running applications and all those applications which are stealing the user's personal data and misusing system resources like battery life, memory etc. Finally it detects the misbehaving applications and, if urgently required, closes such an application without the user's permission; in some cases it asks the user for permission to close the malicious application.
3.2.5 Business Opportunity
As the Android operating system leads in market share worldwide, its security problems increase rapidly with time. Most companies have been working to provide a successful solution for this issue, and many security applications and antivirus products have been introduced, but none of them has proved to be effective. Malicious code detection can provide much better results than all the previous security applications, and it provides us a great opportunity to start a business.
3.2.6 Problem Statement
To provide maximum security and performance to the android phones
The problem of: Security in Android phones, currently the biggest problem in the smartphone industry.
Security issues affect Android users and Android's founders badly, as malware not only steals the user's personal data but also decreases system performance.
The impact of which is: It affects the reputation of the Android OS in the market.
A successful solution would be: Maximum security, performance, less memory usage.
3.2.7 Product Position Statement
Android users and founder of the company
The (product name)
Malicious code detection is a security related product
Will provide maximum security and performance
More effective than previous applications
No other security application enhances performance; rather, they reduce system performance. Our application will enhance system performance.
3.2.8 Market Demographics
Android users are increasing day by day and as a result Android applications are increasing rapidly. Android users can install applications through various sources like the Google Play Store, third-party app stores and by directly downloading and installing APK files. This results in malware which not only steals the user's personal data but also reduces mobile performance. Security is the biggest problem the Android OS is facing so far, and much research is going on in this area, but even after the development of many security apps and antivirus products there is no effective solution to detect malware, and there is an intense need for a more effective application to detect it.
3.2.9 Alternatives and Competition
Since the evolution of Android malware many security companies have started developing solutions to detect malware in the OS, and since summer 2010 over 40 security-related apps were tested for malware detection, but only 7 of them had a success rate of over 90%. This result shows that those apps were not up to the mark and that a truly efficient system is still required.
In FYP-1 we developed some malicious Android applications which steal data without the user's knowledge. These are as follows.
It's a simple tic-tac-toe game, but while the game is being played the user's contacts and messages will be sent to the hacker automatically. When the user presses the button to take an action in the game, his personal information will be leaked automatically and he will be unaware of all this. Further, this game will also make a list of all the running applications, messages and contacts and send that list to the hacker.
3.4 Functional Requirements
This will enable the application to keep running in the background while the user performs other tasks.
It involves the following processes:
Detect running applications
Detect misbehaving applications
Detect content sending applications
Detect network applications
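The four detection stages listed above, applied to an app that behaves like the tic-tac-toe game described earlier, as an added example that is not the project's own code. The device snapshot, the package names and the rule used for "misbehaving" (the app can read private data and is sending traffic) are assumptions made here.

```python
# Constructed device snapshot: package, running state, requested permissions
# and bytes sent since boot. All values are made up for illustration.
SNAPSHOT = [
    {"pkg": "com.example.tictactoe", "running": True, "tx_bytes": 48_200,
     "perms": {"android.permission.INTERNET", "android.permission.READ_CONTACTS",
               "android.permission.READ_SMS", "android.permission.GET_TASKS"}},
    {"pkg": "com.example.weather", "running": True, "tx_bytes": 9_100,
     "perms": {"android.permission.INTERNET",
               "android.permission.ACCESS_COARSE_LOCATION"}},
    {"pkg": "com.example.notes", "running": True, "tx_bytes": 0,
     "perms": {"android.permission.READ_CONTACTS"}},
    {"pkg": "com.example.backup", "running": False, "tx_bytes": 0,
     "perms": {"android.permission.INTERNET", "android.permission.READ_SMS"}},
]

INTERNET = "android.permission.INTERNET"
# Permissions that expose the data the page says was leaked
# (contacts, messages, list of running applications).
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.GET_TASKS": "running-app list",
}

def triage(snapshot):
    """Run the four detection stages and return one finding per running app."""
    findings = []
    for app in snapshot:
        if not app["running"]:                 # stage 1: running applications
            continue
        # stage 4: network applications (may use the network and has sent data)
        network = INTERNET in app["perms"] and app["tx_bytes"] > 0
        exposed = sorted(SENSITIVE[p] for p in app["perms"] if p in SENSITIVE)
        # stage 3: content-sending applications (private data plus traffic)
        content_sending = network and bool(exposed)
        findings.append({
            "pkg": app["pkg"],
            "network": network,
            "exposed": exposed,
            "content_sending": content_sending,
            # stage 2 (assumed rule): a content-sending app counts as misbehaving
            "verdict": "ask user" if content_sending else "allow",
        })
    return findings

def flagged(snapshot):
    """Packages that should be put in front of the user for a decision."""
    return [f["pkg"] for f in triage(snapshot) if f["verdict"] == "ask user"]

if __name__ == "__main__":
    for finding in triage(SNAPSHOT):
        print(finding)
```

A messaging or contact-sync app legitimately matches the same rule, so a permission-plus-traffic heuristic like this one supports a prompt to the user, not an automatic kill.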
3.4.3 User Permission
After detecting a malicious application, our application asks the user for permission to close it.
Some malicious applications will be closed without the user's permission, and a notification describing the action performed is shown to the user.
3.5 Non-Functional Requirements
3.5.1 Performance Requirements
The mobile operating system must be Android Gingerbread 2.3.3 or later so that our application can give maximum performance. Low processing time will also help increase the performance of the application.
The application must be portable so that it can be installed on all recent versions of the Android OS.
The application depends on the reliability of the hardware, because if the hardware crashes, all confidential data will be lost.
The application must be easily accessible on the Google Play Store or any other Android source.
The application must be easy to install, and a complete step-by-step process should be displayed to the user so that he can easily understand how the application works.
The application must be flexible enough to accommodate updates, changes, or new features added for better performance.
If too many applications are installed on the smartphone, the system must be scalable enough to handle a large amount of data.