Vulnebdroid: Automated Vulnerability Score Calculator for Android Applications

  • Sugandha GuptaEmail author
  • Rishabh Kaushal
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 625)


Nowadays mobile phone users download lots of applications for various purposes like learning, entertainment, businesses, etc. For a naive user, it is very difficult to identify whether the permissions provided to the application at the time of installation are being used properly or not. There are tools available for the detection of android malware but many of them are not open source or give tricky results which are not easily understandable. Various online services like VirusTotal uses the updated anti viruses for computing the malware detection ratio. However, since most of these anti-viruses are based on signature based detection methodology, therefore, it detection can be circumvented by using obfuscation methods. In our work we have implemented VULNEBDROID, an automated light weight obfuscation-tolerant static tool for computing the vulnerability score and assessing the vulnerability level of android applications. To assess the vulnerability, this tool selects the features of the application, like dangerous permissions used; vulnerable functions which can be used in order to misuse the application and can exploit the Application Programming Interface (API) to access the resources. Using this assessment tool, we are able to detect 96 % of malicious application as vulnerable either with high or medium degree of vulnerability.


Android application Vulnerability score Malware Obfuscation 


  1. 1.
    Feldman, S., Stadther, D., Wang, B.: Manilyzer: automated android malware detection through manifest analysis. In: IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems (2014)Google Scholar
  2. 2.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy (SP) (2012)Google Scholar
  3. 3.
    Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2011)Google Scholar
  4. 4.
    Enck, W., Gilbert, P., McDaniel, P., Chun, B.-G.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM, October 2010Google Scholar
  5. 5.
    Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM (2014)Google Scholar
  6. 6.
  7. 7.
    Virutota. Accessed Mar 2016
  8. 8.
    Yuan, Z., Min, Y., Yang, Z., Gu, G., Ning, P., Zang, B.: Permission use analysis for vetting undesirable behaviors in android apps. IEEE Trans. Inf. Forensics Secur. 9(11), 1828–1842 (2014)CrossRefGoogle Scholar
  9. 9.
    Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: RiskRanker: scalable and accurate zero-day android malware detection. In: MobiSys. ACM (2012)Google Scholar
  10. 10.
    Jiang, X., Zhou, Y.: A survey of android malware. In: Jiang, X., Zhou, Y. (eds.) Android Malware. SpringerBreifs in Computer Science, pp. 3–20. Springer, New York (2013)CrossRefGoogle Scholar
  11. 11.
    Desnos, A.: Androguard (2011).
  12. 12.
  13. 13.
  14. 14.
  15. 15.
    Rastogi, V., Chen, Y., Jiang, X.: DroidChameleon: evaluating android anti- malware against transformation attack. In: ACM ASIA CCS, May 2013Google Scholar
  16. 16.
    Protsenko, M., Mller, T.: PANDORA applies non-deterministic obfuscation randomly to android. In: 2013 8th International Conference on Malicious and Unwanted Software: “The Americas” (MALWARE) (2013)Google Scholar
  17. 17.
    Malik, J., Kaushal, R.: CREDROID: android malware detection by network traffic analysis’. In: 1st ACM Workshop on Privacy-Aware Mobile Computing (2016)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2016

Authors and Affiliations

  1. 1.Department of Information TechnologyIndira Gandhi Delhi Technical University for WomenNew DelhiIndia

Personalised recommendations