
Analysis of Android Applications by Using Reverse Engineering Techniques

Mobile devices have developed tremendous popularity over the last few years. The most popular usage is the smart phones because they are capable of providing services such as banking, social network, and so on. The Android platform is the fastest growing market in smart phone operating systems to date. The malicious applications targeting the Android system have exploded in recent years.

Volume 4, Issue 3, March – 2019 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

Analysis of Android Applications by Using Reverse Engineering Techniques
Soe Myint Myat May Thu Kyaw
Myanmar Aerospace Engineering University University of Computer Studies, Yangon

Abstract:- Mobile devices have gained tremendous popularity over the last few years. Smart phones are the most popular because they can provide services such as banking, social networking, and so on. The Android platform is the fastest growing market in smart phone operating systems to date. Malicious applications targeting the Android system have exploded in recent years, so it is necessary to detect malicious code in Android applications. This paper focuses on the analysis of Android apps by using reverse engineering tools to check for malicious activities. The analysis has two main parts: permission analysis and Java source code analysis. The results show that most malware apps declare unnecessary permissions in AndroidManifest.xml in order to inject malicious code into the apps.

Keywords:- Android Security, Reverse Engineering, Static Analysis, Android Malware.

I. INTRODUCTION

Most malware attacks target the Android operating system because of the growing market of Android smart phones; Android is the most popular operating system and an open source platform from Google. Android is mainly used in mobile devices such as smart phones and tablets. They support several features such as Wi-Fi, Bluetooth, voice, data, GPS, etc., and they also provide useful services such as gaming, internet browsing, banking, social networking, etc.

According to data from International Data Corporation (IDC), the world-wide smartphone market grew 0.7% year over year, with 344.7 million shipments [7]. The world-wide smart phone market reaches a total of 355.2 million units shipped in 2018 and Android will dominate the market with an 89.0% share in 2019.

Android is one of the most popular operating systems because it is an open source operating system. It has some basic features such as middleware in the form of virtual machines, system utilities and applications. The most attractive feature is the ability to extend its functionality with third-party applications. But this feature brings with it the threat of attacks by malicious applications. The increase in mobile applications raises security challenges, namely the vulnerability of the applications, and these become the target of malicious application developers.

According to the report, the large population of potential victims leads malware writers to target mobile devices, and it states that the number of new smart phone malware samples detected doubled from 1000 per day in 2013 to 2000 per day in 2014 [8]. Based on these facts, Android malware increased to double the rate within 2014 and 2015. In the Trend Micro 2016 Security Predictions report, CTO Raimund Genes predicted the following: China will drive mobile malware growth to 20 million by the end of 2016 [9].

| Name | Form of Attack |
|---|---|
| Expensive Wall | A form of malware |
| Marcher | A form of adobe flash player update |
| Xavier | A form of Trojan adware |
| Dvmap | Injected puzzle game, Colourblock |
| Bankbot | Injected a game, Jewels Star Classic |

Table 1:- The Five Biggest Android Malware Attacks in 2017

The five biggest Android malware attacks in 2017 [20] are shown in Table I. The first one, Marcher, is found on third-party markets and the other malware attacks were discovered in the Google Play store. Expensive Wall sent fake messages and charged users without their permission. The second one, Marcher, would disable security, remove its icon, and send all of the device's information to the C&C when the user opened an app from its list of targets. It could steal login credentials from retail, social media and banking apps. The third one, Xavier, can quietly store personal and financial data from users by hiding inside several types of apps such as ringtone changers, photo manipulators, call recorders and so on. Another one, Dvmap, could inject code into a system library and eliminate root detection software by hiding inside a puzzle game, Colourblock. Another attack, Bankbot, created fake overlay screens which looked like the login pages of popular banking apps by injecting itself inside a game, Jewels Star Classic. The data was then passed on to cybercriminals when users entered their login credentials.

The proposed system uses reverse engineering tools such as apktool, dex2jar and jdgui for static malware analysis. This paper is organized as follows. Section II discusses the related work of previous research. Section III presents background theory about Android architecture, security and malware. Reverse engineering methodology and tools are discussed in Section IV. The implementation and analysis results are explained in Section V and this paper concludes in Section VI.

IJISRT19MA280 www.ijisrt.com 551

II. RELATED WORK

Many research works have been carried out on Android malware analysis. Most of them are based on static analysis and use reverse engineering methodology to analyze the apps.

C.Y. Huang et al. [2] proposed a performance evaluation of permission-based detection for Android malware. They analyzed the required and requested permissions of applications and labeled the apps as benign or malware using site based, scanner based and mixed labeling. They then used machine learning algorithms on three data sets and evaluated the permission-based malware detection performance. It can detect 81% of malicious applications on their dataset.

S. M. A. Ghani et al. [3] presented a static analysis technique that extracted Android apps, both benign and malware, to get their original source code. They compared the API and manager classes from these apps and categorized them, so that the API and manager classes most frequently used in malware are detected. They extracted the features by using Androguard, a reverse engineering tool, and compared the extracted source code by categorizing the APIs and manager classes. Their results show that there is a relationship between API and manager classes in malicious apps.

Y. Cuixia et al. [1] proposed a tool to design a UI modeling method in Android. It is based on an attribute graph built by using reverse engineering and program analysis of applications. Their method targets repackaging detection for malware and assessment of app families. Therefore, their method can also be used to detect repackaged apps by checking the similarity of UI, functions and appearance between family members. Their approach achieved a 94.74% detection rate at UI and 26.13% at repackaging detection. They also show that 50% of repackaged apps use the same UI. Their result shows that the UI modeling method helps to detect repackaged applications, including malicious apps.

J. Y. Pan et al. [4] proposed a framework to eliminate advertisements by filtering or redirection for a targeted application. Some of these techniques require root permission. They developed an advertisement removal program with reverse engineering techniques, which can effectively patch the advertising code, even when it is obfuscated by other tools. However, the proposed method cannot work on customized advertisement-loading code.

A number of researchers introduced permission-based malware detection. The performance evaluation of permission-based detection [2] also implemented this type of detection. But the permission list is still the minimum defense for a user to detect whether an app could be harmful. These works cannot completely guarantee malware detection because a benign app can also use the same permissions as malware. In [1], [3], and [4], static analysis uses reverse engineering tools to detect malicious behaviour such as repackaging and advertisement.

But it is still necessary to implement an effective malware detection framework, because the previous research works are only partially effective and some gaps, such as detecting unknown malware and reducing false positive alarms, still remain. The main gap of the current research works is that they are only effective against well-known attacks, given the rise of malware attacks and the emergence of new kinds of malware such as ADB.Miner, a copycat of Mirai, which is an IoT botnet.

III. BACKGROUND THEORY

This section discusses Android application architecture, security and malware that have been popular in recent years.

A. Android Application Architecture
The APK bundle is the format used to package Android apps, which can be obtained from the Google Play Store or any third-party market [13]. An APK file is basically a ZIP file; it can be renamed and its contents can be extracted. Table II shows the basic architecture of an Android application.

| Entry | Notes |
|---|---|
| AndroidManifest.xml | The manifest file in binary XML format to set the resources permission. |
| classes.dex | The application code compiled in the dex format. |
| resources.arsc | This file contains precompiled application resources, in binary XML. |
| res/ | This folder contains resources not compiled into resources.arsc |
| assets/ | This folder contains application assets, which can be retrieved by Asset Manager. |
| lib/ | This folder contains compiled code, native code libraries. |
| META-INF/ | This folder stores meta data about the contents of the JAR. The signature of the APK is also stored in this folder. |

Table 2:- Android Application Architecture [13]

B. Android Security
Android apps run in separate processes under distinct Unix user identifiers (UIDs), each with distinct permissions, as shown in Fig. 1. Programs can neither read nor write each other's data or code, and sharing data between applications must be done explicitly. There are two levels of Android security: the Linux Kernel level and the Application Framework level.

[Figure: Android Applications (UID: 1001, 1002, ...); System Process (UID: System); Linux Kernel]
Fig 1:- Android security model

• Linux Kernel Level Security
Android relies on Linux for process, memory and file system management. It is also one of the most important components in the Android security architecture, and it is responsible for provisioning Application Sandboxing and enforcing some permissions.

• Application Framework Level Security
Android applications consist of different components and there is no central entry point, unlike Java programs with the main method. Therefore, the developer of an application needs to declare the resource permissions in the AndroidManifest.xml file. Permissions are used for protecting access to the system resources. Third-party application developers may also use custom permissions to guard access to the components of their applications.

• Android Permission
The Android operating system uses a permission-based model not only to limit the behavior of an application but also to inform the user of the application's potential behavior. An application needs to declare the required permissions in the AndroidManifest.xml file. The user can decide whether to grant the list of permissions that an application requests when it is to be installed. The user gets to make the choice whether or not to install the application based on the list of permissions. Once an application is installed, the permissions that it has remain static. The four levels of Android permission are shown in Table III.

| Permission Level | Notes |
|---|---|
| Normal | These cannot impart real harm to the user (e.g. change the wallpaper) |
| Dangerous | These can impart real harm (e.g. call numbers, open Internet connections, etc) |
| Signature | These are automatically granted to a requesting app if that app is signed by the same certificate. |
| Signature/System | Same as Signature, except that the system image gets the permissions automatically as well and it is designed only for use by device manufacturers. |

Table 3:- Android Application Permission Level

C. Android Malware
Mobile malware is malicious software that targets mobile phones by crashing the system and stealing confidential information. The first known mobile virus, "Timofonica", originated in Spain and was identified by antivirus labs in Russia and Finland in June 2000 [10].

[Figure: chart of malware families: Trojan-SMS, Rooter, Backdoor, Spyware, Trojan, Adware, Trojan-SPY]
Fig 2:- The growing threat of android mobile malware [10]

The top Android malware families are shown in Fig. 2. Trojan is the most widespread type of Android malware. All types of Trojan malware together make up 60.16% of all malware [11]. The second most common attack type is Advertising Malware (Adware).

The behavior of the different malware families is described in the following sections.

• Trojans
Trojans appear to a user as benign applications but actually steal the user's confidential information without the user's knowledge. Such applications can easily get access to the browsing history, messages, contacts and device IMEI numbers [8]. Mobile banking Trojans can run together with Win-32 Trojans to bypass two-factor authentication and steal the banking verification codes that banks send their customers in SMS messages. These trojans attack a limited number of bank customers, and new techniques can be invented to expand the number and the geography of potential victims.

• Rooter
Originally, the word "root" refers to the root account on Linux, that is to say, the system administrator, who has all the rights on the device and can modify all OS elements as it sees fit, including sensitive files. A rooted phone or tablet means that the user gets system administrator level and can control every resource on the device. Rooting may include a phone blocking risk.

• Adware
Adware is software that contains advertisements embedded in the application. Adware is targeted at users who do not wish to pay the software cost. There are many ad-supported programs, games or utilities that are distributed as adware [19].

• Backdoor
A backdoor is a hidden program to bypass the security mechanisms. Sometimes, the developer may install a backdoor for troubleshooting purposes. Backdoors can utilize root exploits to grant root privileges to malware and help it hide from antivirus.

• Spyware
Many reports describe spyware as a serious threat for mobile users. Spyware threats are also highly persistent according to a security company, and 0.24% of the Android devices that it scanned in the U.S. had surveillance-ware installed that was intended to target a specific individual [18].

• Botnet
A botnet is a network of compromised Android devices which are running one or more bots. The botmaster, also called a remote server, controls the botnet through the Command and Control (C&C) server network. Botnets tend to hijack and control the infected devices.

D. Reverse Engineering
Reverse engineering is also called back engineering. Reverse engineering can also be the process of extracting knowledge or design information from a product, which can be hardware or software. Fig. 3 shows the general reverse engineering process. Source code translation is the process of converting from one language to another, and it requires automated tools that can perform the conversion. This may be from machine bytecode to the original source code. The original program needs to be translated to the required human readable format. After that, the program structure needs to be noted down as documentation. Most programs are too large, so it is necessary to pass through a program modularization process. Program modularization is the process of subdividing a program into separate sub-programs. After getting the modularized programs, it is easy to analyze the whole program. Reengineering of the data components of an existing system can be done with the help of methods and software tools. It extends the life of existing systems by standardizing data definitions and facilitating source code simplification. It is also called the data reengineering process.

Reverse engineering can reproduce the original or reproduce anything based on the extracted information. For Android applications, there are many reasons for using reverse engineering. It can be used in attempts to hack an application or inject malicious code into it. Repackaging is a methodology to modify an application with a particular layout or animation by using tools that can access the XML resource files of interest.

[Figure: Original program; Source code translation; Program documentation; Program modularisation; Modularised program; Data reengineering]
Fig 3:- Reverse engineering process

Reverse engineering techniques can also be used to inject modified code into the original application, which is also called application repackaging. Therefore, it is always good practice to check who developed the application for security reasons. It is necessary to check that the code and resources have been effectively obfuscated and to be sure that unwanted files have not been packaged into the final release APK, including information like API keys, authentication tokens or unused resources [13]. On the other hand, reverse engineering techniques or tools can be used to detect not only repackaged apps but also malicious apps.

There are many reverse engineering tools for Android applications and the following are some of the popular tools.

• SMALI/BAKSMALI
This tool is an assembler or disassembler for the dex format that is used by dalvik bytecode.

• ANDBUG
This tool is a debugger program for dalvik bytecode and it uses the same interface as Android's Eclipse debugging plugin.

• ANDROGUARD
This tool is a full python tool to work with Android files such as dex, apk, xml and bytecode resources.

• APKTOOL
It is the most useful tool for Android reverse engineering. It can be used for both decompiling and re-compiling Android apps. It can generate smali, xml and resource files.

• DEX2JAR
This tool can work with android .dex and java bytecode *.class files. It can convert an android (dex) file to a bytecode package (jar) file.

• JD-GUI
It is a graphical user interface tool to display java source code from a java bytecode (class) file.

IV. METHODOLOGY

This paper focuses on malware analysis for Android apps by using reverse engineering tools and static analysis. There are two main steps to extract the files required for static analysis. The first step is to extract the permission information from the AndroidManifest.xml of the apps; apktool is used for extracting the permission file. The second step is to analyse the java source code to extract the malicious code. For this step, dex2jar can be used to convert the android (dex) file to a java bytecode (jar) file. But it is still necessary to translate this java bytecode to java source code. For this process, jdgui can translate the java (class) file to a source code (java) file.

A. Reverse Engineering Tools

There are many reverse engineering tools for Android applications. Among them, the following tools will be used for the malware analysis.

Fig 3:- Decoding of android app using apktool

• APKTOOL
A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and it can rebuild them after some modifications are made [15]. It also makes working with an app easier because of its project-like file structure and automation of some repetitive tasks like building the apk, etc. It can extract the original source as smali code and the important permission file. The decoding process of an Android app using apktool is shown in Fig. 4.

• DEX2JAR
This tool works with android .dex and java .class files [16]. It can convert the classes.dex file to a classes-dex2jar.jar file. This jar file is the combination of the original source class files. The process of this tool is shown in Fig. 4. It is useful for extracting the original sources as java byte code.

Fig 4:- Regenerating of bytecode using dex2jar

• JD-GUI
JD-GUI is a standalone graphical utility that can display Java source code from java object code ".class" files. The reconstructed source code can be browsed with this tool for instant access to methods and fields [17]. This tool can translate a *.jar file to *.java code. It is useful for checking the source code in java based language. Fig. 5 shows the reconstruction of java code from a dex file using dex2jar.

Fig 5:- Reconstruction of java code using dex2jar

B. Android Malware Analysis

There are two methods to analyse malware, namely, static analysis and dynamic analysis. This work will only use the static approach for malware detection because static analysis is more effective than dynamic analysis, and the computing cost of static analysis is low. It can be classified into java source code analysis and permission based analysis. For these analyses, it is necessary to use reverse engineering methods or tools.

Static analysis consists of executing a selected sample in a controlled environment to monitor it and determine whether it is malicious, and what the changes or modifications are in the system. Static analysis is a commonly used tool in malware detection. For Java applications, static analysis works directly on the bytecode and can perform various analyses such as reconstructing the class hierarchy. This analysis finds method invocations and extracts control-flow and data-flow information [6] from them. A static analysis analyzes the apk file, which has common characteristics with a jar file, to detect a malicious application. After the resources such as files and folders are extracted, the static analysis mainly focuses on two components: AndroidManifest.xml and classes.dex [18]. This xml file is one of the main features because all the processes need to set their permissions in this file. Therefore, it is necessary to check whether unnecessary permissions are used or not.
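The two checks described in this section, as an added example that is not the authors' code: it reads a manifest already decoded to text by apktool and Java source already decompiled with dex2jar and JD-GUI, using the iCalendar.apk permissions and SMS call reported in Tables 4 and 5 as constructed sample input. The per-category baseline, the package, class and file names, and all function names are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: a per-category baseline kept by the analyst. This calendar baseline
# is the union of the permissions of the two benign calendar apps in Table 4.
BASELINE = {
    "calendar": {
        "INTERNET", "ACCESS_NETWORK_STATE", "RECEIVE_BOOT_COMPLETED",
        "WRITE_EXTERNAL_STORAGE", "READ_CONTACTS", "VIBRATE",
        "READ_CALENDAR", "WRITE_CALENDAR", "WAKE_LOCK",
    },
}

# An SMS send whose first argument (the destination) is a string literal.
SMS_LITERAL = re.compile(r'sendTextMessage\s*\(\s*"([^"]*)"')


def manifest_permissions(manifest_xml):
    """Short names of every <uses-permission> in a text (decoded) manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name:
            perms.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return perms


def unexpected_permissions(perms, category):
    """Requested permissions that the category baseline does not explain."""
    return sorted(perms - BASELINE[category])


def find_hardcoded_sms(java_source):
    """(line number, destination) for each sendTextMessage with a literal number."""
    return [(java_source.count("\n", 0, m.start()) + 1, m.group(1))
            for m in SMS_LITERAL.finditer(java_source)]


def triage(manifest_xml, sources, category):
    """Combine both checks; `sources` maps a file name to decompiled Java text."""
    extra = unexpected_permissions(manifest_permissions(manifest_xml), category)
    sms = {}
    for path, text in sources.items():
        hits = find_hardcoded_sms(text)
        if hits:
            sms[path] = hits
    if "SEND_SMS" in extra and sms:
        verdict = "suspicious"   # unexplained SMS permission plus the code using it
    elif extra or sms:
        verdict = "review"       # one signal only: needs a manual read
    else:
        verdict = "no findings"
    return {"unexpected": extra, "sms": sms, "verdict": verdict}


def sample_manifest(package, perms):
    """Build a constructed manifest for the demo (not extracted from a real APK)."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p)
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, uses))


# Constructed inputs: permission lists from Table 4, call from Table 5.
ICALENDAR_MANIFEST = sample_manifest("com.example.icalendar", [
    "INTERNET", "ACCESS_COARSE_LOCATION", "RESTART_PACKAGES",
    "RECEIVE_SMS", "SEND_SMS", "SET_WALLPAPER"])
KALENDAR_MANIFEST = sample_manifest("com.example.kalendar", [
    "INTERNET", "ACCESS_NETWORK_STATE"])
ICALENDAR_SOURCE = '''\
public class CalendarActivity extends Activity {
    void sendSms() {
        SmsManager.getDefault().sendTextMessage("1066185829", null, "921X1",
            PendingIntent.getBroadcast(this, 0, new Intent(), 0), null);
    }
}
'''

if __name__ == "__main__":
    print(triage(ICALENDAR_MANIFEST,
                 {"CalendarActivity.java": ICALENDAR_SOURCE}, "calendar"))
    print(triage(KALENDAR_MANIFEST, {}, "calendar"))
```

A destination passed in a variable rather than a string literal is not matched by the pattern, so a "review" verdict still needs a manual read of the decompiled source.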

V. IMPLEMENTATION Apk Manifest Permission
iCalendar.apk INTERNET
There are some reverse engineering tools that are ACCESS_COARSE_LOCATION
used to analysis and check the applications for mobile RESTART_PACKAGES
security. The apktool is used to extract the permission file. RECEIVE_SMS
Dex2jar is used to re-convert the *.jar file from original SEND_SMS,
apps and Jdgui is used for viewing the java code from *.jar SET_WALLPAPER
file. The proposed flow of malware analysis architecture is Kalendar INTERNET,
shown in Fig. 6. Indonesia.apk ACCESS_NETWORK_STATE
Calendar.apk RECEIVE_BOOT_COMPLETED
The analysis has basically two parts, permission and WRITE_EXTERNAL_STORAGE
source code analysis. For the permission analysis, it will READ_CONTACTS
use apktool that it can extract the AndroidMinifest.xml and VIBRATE
original bytecodes. These codes are based on the machine READ_CALENDAR
code which is implemented in smili language. This analysis WRITE_CALENDAR
will only use permission file because smali codes are WAKE_LOCK
difficult to analysis and it will need several process. Table 4:- Analysis Result of Calendat Apks

Table IV shows the analysis result of three types of


calendar apps such as iCalender.apk, Kalendar
Indonesia.apk and Claendar.apk. Among them,
iCalender.apk is one of the malicious app and the other
apps are benign apps. In Kalendar Indonesia.apk, it only
used two permissions including internet access permission.
This permission used to implement for adding the ads in
the application but it didn’t add any dangerous malicious
code in the app. In Calendar.apk, there are seven access
permissions but these permissions are used only for giving
the calendar facilities. It is not using any malicious code
and it is also a benign app. But, some unnecessary
permissions (sms permissions) are used in iCalendar.apk
and it can be malicious app. The detail analysis of this app
will be shown in Table V.

Manifest Permissions Malicious Codes


INTERNET, SmsManager.getDefault
ACCESS_COARSE_LOCATI ().sendTextMessage("10
ON, 66185829", null,
RESTART_PACKAGES, "921X1",
Fig 6:- Flow of the Analysis RECEIVE_SMS, PendingIntent.getBroadc
SEND_SMS, ast(this, 0, new Intent(),
The permission file is important on android apps SET_WALLPAPER 0), null);
because it is needed to set the permission for several Table 5:- Analysis Result of iCalendar.apk
resources that are implemented in source codes. Most of
the malicious apps use the unnecessary permission that Some of the analysis results of the android apps (apk)
isn’t related with their apps, and it is needed to extract from that malware apps are shown in Table V, VI and VII. In
Android Minifest.xml. these tables, the left column is the manifest permission list
of the analyzed app and the right column is the malicious
For source code analysis, dex2jar and jdgui tools are code in the app. The existing several applications like
used. The first tool can convert the android apk to *.jar file Skype that needs many access to various data on the phone;
based on the java byte codes. But, these are also difficult to but there are a few applications like Wallpaper, Calendar,
analysis due to the implementation of java based machine etc that require very few permissions. In these tables, the
language. So, the second tool will be used to decompile analysis results are for a calendar application and two
*.jar file and it can generate the original java sources. In simple games. But these applications used several
the proposed analysis, the suspected android apps are permission and including unnecessary codes in the
carefully analyzed the source code if these apps will use packages. Other tested applications also include several
unnecessary permissions. Finally, it will report the selectd permission and some malicious codes such as SMS
app (apk) is malicious or benign app. receive/send, read content lists, location access and so on.

Table V is showed the analysis result of calendar


application that is called iCalendar.apk. It is only simple
application that it only needs to show the date of the years,
but it used several unnecessary permission such as internet

IJISRT19MA280 www.ijisrt.com 556


Volume 4, Issue 3, March – 2019 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
and sms. After checking the source code, it also used the Manifest Permissions Malicious Codes
malicious code that is used for sending information to INSTALL_PACKAGES, Object[] arrayOfObject =
premium number (1066185829). So, the analysis can USE_CREDENTIALS, (Object[])paramIntent.getExtr
determine that this app is a malicious application. INTERNET, as().get("pdus");
BLUETOOTH_ADMIN, SmsMessage[]
Manifest Permissions Malicious Codes DEVICE_POWER, arrayOfSmsMessage = new
WRITE_SMS, String str = READ_CONTACTS, SmsMessage[arrayOfObject.le
RECEIVE_BOOT_COMPL paramIntent.getStringExt SEND_SMS, ngth];
ETED, ra("ObjNG0Zw5A"); ACCESS_LOCATION, String str1 =
VIBRATE, SEND_SMS, Intent localIntent = new ACCESS_GPS arrayOfSmsMessage[0].getMe
READ_SMS, Intent("android.intent.act ssageBody();
RECEIVE_SMS, ion.CALL", SmsManager.getDefault().sen
READ_PHONE_STATE, Uri.parse("tel:" + str)); dTextMessage("0646112264",
DISABLE_KEYGUARD, paramContext.startActivi null, str1, null, null);
READ_CONTACTS, ty(localIntent);
WRITE_CONTACTS, Table 7:- Analysis Result of SuiConFo.apk
INTERNET,
ACCESS_NETWORK_STA There are mainly used the reverse engineering tools
TE, such apktool, dex2jar and jdgui for these analysis. Actually,
READ_PHONE_STATE, apktool can generate the permission file, source codes and
CALL_PHONE, resource files. It is useful for static analysis to extract the
WAKE_LOCK, unnecessary permission usages and malicious code. But,
RESTART_PACKAGES, these extracted source codes are implemented with smali,
WRITE_APN_SETTINGS
Table 6:- Analysis Result of qqgame.apk

The other analyses are based on the Android games qqgame.apk and suiconfo.apk. These results are shown in Table VI and VII. These apps also use unnecessary permissions that are not related to the game features. In qqgame, the SMS and contact permissions are not related to the game's features. They can be used to keep watch on the users and their calls. It also tries to use the intent.action class by passing a specific number from the predefined string (ObjNG0Zw5A).

In suiconfo, unnecessary permissions such as location access, SMS send and contact read are also used. It also contains malicious code that sends personal information to the premium number (0646112264) in a background process. Users know only that they are playing the game, while their personal information is stolen in the background by the malicious developer.

Most malware apps include malicious code that can read contact data, to be used to send spam messages or just to keep track of the user's personal data. Some apps can find the GPS location. Android permissions can enable an application to track and collect information that the user is not comfortable providing. The internet access permission is also one of the most common and dangerous permissions. It is requested by all applications that support advertisements, video games, etc. However, most freeware apps use the internet access permission for advertisement purposes.

bytecode format. It is difficult to understand, and malicious features cannot easily be extracted from it. Therefore, the dex2jar and jdgui tools are needed to extract the malicious features. Dex2jar converts Android bytecode (dex format) to Java bytecode (jar format). The jar format is a package that combines Java (.class) files. Jdgui translates these (.class) files to (.java). After that, the malicious features can be extracted easily. If the smali code can be analyzed directly, apktool alone can be used for static analysis.

VI. CONCLUSIONS

This analysis breaks apart the application or malware using reverse engineering tools and techniques. The results are based on manual checking after converting the apps back to the original source code with the reverse engineering tools. According to the results, some apps include unnecessary permissions which are used to inject malicious code for stealing information. For this reason, users should check the permissions an app uses when it is installed on a mobile device. As future work, an automatic detection mechanism will be proposed for checking the malicious features.

ACKNOWLEDGEMENT

The authors are grateful for the support provided by Myanmar Aerospace Engineering University.
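The manual check this paper describes (compare the permissions a game requests with what a game needs, then look in the decoded code for SMS sending) can be scripted as a first triage pass. The following is an added example, not the authors' code: it assumes a manifest and smali text as decoded by apktool, and the permission set, function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: permissions a reviewer would not expect a simple game to need.
UNEXPECTED_FOR_GAME = {
    "android.permission.SEND_SMS", "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS", "android.permission.WRITE_APN_SETTINGS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
SMS_CALL = re.compile(r"Landroid/telephony/SmsManager;->sendTextMessage\(")
NUMERIC_CONST = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s*"(\+?\d{4,})"')

def flag_permissions(manifest_xml):
    """Return requested permissions that fall in UNEXPECTED_FOR_GAME."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return sorted(requested & UNEXPECTED_FOR_GAME)

def find_sms_sends(smali_text):
    """Return (line_no, numeric_strings) for each sendTextMessage call.

    numeric_strings are digit-only const-string values seen earlier in the
    same method: candidates for a hard-coded destination number.
    """
    hits, numbers = [], []
    for line_no, line in enumerate(smali_text.splitlines(), 1):
        if line.lstrip().startswith(".method"):
            numbers = []                      # new method, reset candidates
        match = NUMERIC_CONST.search(line)
        if match:
            numbers.append(match.group(1))
        if SMS_CALL.search(line):
            hits.append((line_no, list(numbers)))
    return hits

# Constructed sample inputs (not taken from the analysed apps).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""
SAMPLE_SMALI = """.method public onCreate()V
    const-string v1, "1234567"
    const-string v3, "hi"
    invoke-virtual/range {v0 .. v5}, Landroid/telephony/SmsManager;->sendTextMessage(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Landroid/app/PendingIntent;Landroid/app/PendingIntent;)V
.end method"""

if __name__ == "__main__":
    print(flag_permissions(SAMPLE_MANIFEST))
    print(find_sms_sends(SAMPLE_SMALI))
```

A hit from either function is only a lead for manual review of the decompiled code; legitimate apps also request these permissions and send SMS.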