RiskInDroid: Open-source risk analysis of Android apps
RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques.
How RiskInDroid works
“A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s output, and they should be able to compare the app’s risk with others easily,” Gabriel Claudiu Georgiu, developer of RiskInDroid, told Help Net Security.
Unlike other tools, RiskInDroid does not take into consideration only the permissions declared into the app manifest but carries out reverse engineering on the apps to retrieve the bytecode and then infers (through static analysis) which permissions are used, extracting four sets of permissions for every analyzed app:
1. Declared permissions – Extracted from the app manifest.
2. Exploited permissions – Declared and used in the bytecode.
3. Ghost permissions – Not declared but with usages in the bytecode.
4. Useless permissions – Declared but never used in the bytecode.
“The precision and reliability of RiskInDroid have been tested on a large dataset made of more than 6,000 malware samples and 112,000 apps. We released everything to the public so our results could be easily reproduced and verified,” Georgiu added.
Future plans and download
“Currently there are no future versions planned, I just make sure everything works with the latest versions of Python and occasionally update the underlying libraries. Probably the most straightforward improvement would be to include other features in the analysis. Now, only permissions are considered, but we could also consider API calls and URLs that can be extracted through static analysis as we did for permissions, Georgiu concluded.
RiskInDroid is available for free on GitHub.
Must read:
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time