An effective online scheme for detecting Android malware

The growing popularity of Android-based smart-phones have led to the rise of Android based malware. In particular, profit-motivated malware is becoming increasingly popular in Android malware distribution. These malware typically profit by sending premium-rate SMS messages and/or make premium-rate phone calls from infected devices without user consent. In this paper, we investigate the telephony framework of the Android operating system and propose a novel process user-identification (UID) based online detection scheme. Our scheme can effectively detect premium-rate and background SMS messages as well as premium-rate phone calls initiated by malware. We implemented our detection system on a Samsung Google Nexus 4 running Android Jelly Bean and tested the effectiveness of detecting real malware from Android markets. The experimental results show that our scheme is efficient and effective in detecting background messages and premium-rate messages and phone calls. Our scheme can detect and block all the background and premium-rate SMS messages and phone calls initiated by popular malware.