The Android Package with the file extension .apk is the file format used by the Android operating system, and a number of other Android-based operating systems for distribution and installation of mobile apps, mobile games and middleware. It can be written in either Java or Kotlin. APK files can be generated and signed from Android App Bundles.
The main features to use in a machine learning model for malware detection in android apps are the app permissions, package name, and application name. Many malware uses randomly generated package names and application names. Besides, the permissions list in the application may indicate malicious actions. The table below shows the top 20 most common permissions on Android and their list of probabilities regarding samples of malicious and benign files.
| _id | permission name | malware | trusted |
|---|---|---|---|
| 0 | android.permission.READ_SETTINGS | 0.759804 | 0.240196 |
| 1 | android.permission.WRITE_SETTINGS | 0.732960 | 0.267040 |
| 2 | android.permission.ACCESS_NETWORK_STATE | 0.491252 | 0.508748 |
| 3 | android.permission.WRITE_EXTERNAL_STORAGE | 0.541546 | 0.458454 |
| 4 | android.permission.INTERNET | 0.501073 | 0.498927 |
| 5 | android.permission.READ_PHONE_STATE | 0.684312 | 0.315688 |
| 6 | android.permission.READ_SMS | 0.917888 | 0.082112 |
| 7 | android.permission.SEND_SMS | 0.927164 | 0.072836 |
| 8 | android.permission.RECEIVE_SMS | 0.920024 | 0.079976 |
| 9 | android.permission.WAKE_LOCK | 0.496733 | 0.503267 |
| 10 | android.permission.CALL_PHONE | 0.602928 | 0.397072 |
| 11 | android.permission.PROCESS_OUTGOING_CALLS | 0.749800 | 0.250200 |
| 12 | android.permission.CHANGE_COMPONENT_ENABLED_STATE | 0.553191 | 0.446809 |
| 13 | android.permission.RECEIVE_BOOT_COMPLETED | 0.730927 | 0.269073 |
| 14 | android.permission.ACCESS_FINE_LOCATION | 0.589695 | 0.410305 |
| 15 | android.permission.ACCESS_COARSE_LOCATION | 0.587610 | 0.412390 |
| 16 | android.permission.ACCESS_LOCATION_EXTRA_COMMANDS | 0.799704 | 0.200296 |
| 17 | android.permission.ACCESS_WIFI_STATE | 0.589934 | 0.410066 |
| 18 | android.permission.CLEAR_APP_CACHE | 0.922492 | 0.077508 |
| 19 | android.permission.MOUNT_UNMOUNT_FILESYSTEMS | 0.772438 | 0.227562 |
| 20 | android.permission.GET_TASKS | 0.747000 | 0.253000 |