An exploratory study on the evolution of Android malware quality

In the context of software engineering, product software quality measures how well a software artifact is designed and coded. Software products must satisfy nonfunctional properties (e.g., reliability, usability, understandability, and maintainability) in order to make maintenance and evolution sustainable in the long term. Software evolution is an issue of interest for malware writers, too, for 2 reasons. First, to evade detection with minimum effort, malware writers tend to produce "variants," which are obtained by applying small changes to existing malware. Moreover, recent studies demonstrated that malware is steadily improving its evasion strategies and infection mechanisms and is using more and more complex payloads. This suggests that malware writers are devoting significant effort and skill to producing high-quality software. For this reason, we wonder whether malware writers are also devoting effort to improving the structural quality of their code, as happens in the development of goodware. To investigate this question, we (1) characterize a dataset containing about 20 000 Android applications, divided into goodware and malware, according to the Android API version they require, and (2) compute software quality metrics, divided into 4 categories (i.e., dimensional, complexity, object-oriented, and Android-oriented metrics), for the apps belonging to each population. We then identify evolution trends of these metrics in malware and goodware. The results of our study demonstrate that goodware and malicious applications exhibit similar evolution trends for some of the quality indicators, suggesting that malware writers care about the overall quality of their code. Code quality could be considered an indirect measure of how many and how fast variants of existing malware will be released in the wild.
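The trend comparison described above, as an added example that is not the paper's own code: apps are bucketed by the API level they require, the median of each metric is taken per bucket and population, and a least-squares slope over API level is compared between goodware and malware. The sample rows, the metric names (LOC, cyclomatic complexity, WMC) standing in for the paper's metric categories, and all values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample rows: (population, required API level, metrics).
# "loc" stands in for a dimensional metric, "cc" for a complexity metric
# and "wmc" for an object-oriented metric; all values are invented.
SAMPLE = [
    ("goodware", 8,  {"loc": 1200, "cc": 3.1, "wmc": 14}),
    ("goodware", 8,  {"loc": 1500, "cc": 3.4, "wmc": 16}),
    ("goodware", 14, {"loc": 2600, "cc": 3.6, "wmc": 19}),
    ("goodware", 14, {"loc": 2400, "cc": 3.9, "wmc": 18}),
    ("goodware", 19, {"loc": 4100, "cc": 4.2, "wmc": 23}),
    ("malware",  8,  {"loc": 900,  "cc": 2.8, "wmc": 11}),
    ("malware",  8,  {"loc": 1000, "cc": 2.9, "wmc": 12}),
    ("malware",  14, {"loc": 1700, "cc": 3.5, "wmc": 15}),
    ("malware",  14, {"loc": 1900, "cc": 3.3, "wmc": 14}),
    ("malware",  19, {"loc": 3000, "cc": 4.0, "wmc": 9}),
]

def median_per_api(rows, population, metric):
    """Median of one metric per API level for one population, as sorted (api, median) pairs."""
    buckets = defaultdict(list)
    for pop, api, metrics in rows:
        if pop == population:
            buckets[api].append(metrics[metric])
    return sorted((api, median(vals)) for api, vals in buckets.items())

def slope(points):
    """Ordinary least-squares slope of y over x; 0.0 when fewer than two points."""
    if len(points) < 2:
        return 0.0
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    return sxy / sxx

def compare_trends(rows, metric):
    """Return (goodware slope, malware slope, same_direction) for one metric."""
    g = slope(median_per_api(rows, "goodware", metric))
    m = slope(median_per_api(rows, "malware", metric))
    return g, m, (g > 0) == (m > 0)

if __name__ == "__main__":
    for name in ("loc", "cc", "wmc"):
        g, m, same = compare_trends(SAMPLE, name)
        print(f"{name}: goodware {g:+.2f}/API level, malware {m:+.2f}/API level, same direction: {same}")
```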