A team of researchers have reviewed an thousand of android application using scanner called “MassVet,”.Researchers used mass vet scanner to scan more than 127,000 potentially harmful applications (PHA) in more than 30 Android markets – including Google Play.
In their whitepaper,Researchers said,MassVet scanner “Find Unknown Malicious application in 10 Seconds.Researchers tested near around 1.2 miliion android application from popular Android app store.After conducting the test using MassVet scanner,Researchers found 127,429 malicious application.Researcher said some of these malicious application are also available in google play store.Some of the harmful behaviors in Malicious android application:
- Collection Personal data
- Location tracking
- GPS
- SMS,MMS and Call Log
- Data Archive Of Smartphone
- Microphone
- Camera
- Remote access
- as well as sending contact lists and photos without the user's consent.
These malicaious application are running in the smartphone as a service means as and when user turn on the smartphone,application will be automatically launched.So user can't uninstall and disable the application.The only way is to root the smartphone and remove the malicious application.
“MassVet is designed to compare individual Permission of an app with those of other apps in a large scale.According to researchers, “In this way, we can even detect the potentially harmful applications in few seconds, including some zero-day malware.”
Researcher said,MassVet Scan found 20 zero days malware in malicious android application.The researchers explained that more than 90 percent of the PHA they found were reported by VirusTotal, and from the remaining 10 percent they randomly choose 40 application and analyzed their behaviors.Researchers said. “These 20 application are likely to be zero-day because no scanner has reported them. Their behavior includes installing apps without user's consent, collecting user's private data, etc.”
In Google Play store, they found 30,552 of 401,549 malicious application and worst part is,of these malicious application, 400 of the malicious application had been downloaded more than a million times each, and 2,000 had been downloaded more than 50,000 times each.
The whitepaper explained that MassVet is unlike current detection mechanisms that rely on heavyweight program analysis techniques.The researchers said they are in the process of reaching out to Google with their new vetting technique.