Detecting Malicious Android Game Applications on Third-Party Stores Using Machine Learning

Abstract

Due to Android’s flexibility in installing applications, it is one of the most popular mobile operating systems. Some Android users install applications from third-party stores even though they have the official application store, Google Play. These third-party stores usually have the mod version and the self-proclaimed original applications, which can be repackaged applications. Applications on these third-party stores can introduce security risks because of the non-transparent alteration and uploading processes. In this research, we inspect 492 Android applications from ten third-party stores for repackaged applications using information of APK files and a token-based code clone detection technique. We also classify repackaged applications as benign or malicious and categorize malicious applications into twelve malware categories. For the malware classification, we use machine learning techniques, including Random Forest, Decision Tree, and XGBoost, with the CCCS-CIC-AndMal-2020 Android malware dataset. Finally, we compare the results with VirusTotal, a well-known malware scanning website.