Familiarity breeding contempt hits home in the results of a new study into the security threat from apps on Google Play. The research, conducted by the University of Sydney and CSIRO’s Data61, has unearthed thousands of dangerous apps hiding in plain sight in the online store, tricking users by mimicking popular alternatives. The study used artificial intelligence to identify likely counterfeits, before testing them for malware and other vulnerabilities.

The study deployed a neural network to examine both the design of icons and the wording in descriptions, reviewing “1.2 million apps” to identify “potential counterfeits for the top 10,000 apps.” It found “2,040 potential counterfeits that contain malware in a set of 49,608 apps that showed high similarity to one of the top 10,000 popular apps in the Google Play Store.” The research also found “1,565 potential counterfeits asking for at least five additional dangerous permissions than the original app and 1,407 potential counterfeits having at least five extra third-party advertisement libraries.”

The use of pre-trained AI algorithms to evaluate style and content “outperforms many baseline image retrieval methods for the task of detecting visually similar app icons,” and on the large dataset of more than1.2 million app icons, the study’s methods achieve “8%-12% higher precision” than alternatives.

“Many counterfeits can be identified once installed,” the authors explain, “however even a tech-savvy user may struggle to detect them before installation,” thus the idea to try the “novel approach of combining content embeddings and style embeddings generated from pre-trained convolutional neural networks to detect counterfeit apps.”

The study found that the 2,040 most dangerous counterfeits “were marked by at least five commercial antivirus tools as malware,” although, encouragingly, 6-10 months since we discovered the apps, 27%-46% of the potential counterfeits we identified are not available in Google Play Store, potentially removed due to customer complaints.”

None of this should come as a surprise-the insecurity of apps on both Android and iOS has been very much in the headlines recently.

Last year, Buzzfeed News reported that “eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars.” All eight apps were Chinese in origin, with seven from a single developer, Cheetah Mobile. “The companies claim more than 700 million active users per month for their mobile apps.”

And this month alone, Davey Winder reported for Forbes on the threat from mobile applications, leaving “iPhone and iPad users not as secure as they might imagine, [with] their personal data at risk.” ZDNet has reported that “three-quarters of mobile applications have vulnerabilities relating to insecure data storage, leaving both Android and Apple iOS users open to cyber attacks.” And TechCrunch has reported on vulnerabilities even in U.S. mobile banking apps.

Smartphone users cannot claim that they’re not being warned.

Both Google and Apple continue to fight the good fight to keep their ecosystems secure, and on Android Google Play Protect has been designed to guard against just such vulnerabilities. Google has also said that “in 2018, we introduced a series of new policies to protect users from new abuse trends, detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55%, and we increased app suspensions by more than 66%.”

The use of AI to moderate content and promote internet safety has been catapulted into the news by social media’s woes in the last 12 months. Projects like Google’s Jigsaw are a sign of things to come. This study is a start on applying the same thinking to a different realm, but one that struggles with the same issues of scale and user naivety.

Ultimately, there’s no substitute for common sense and treating apps from unknown sources as potential threats. And that means checking carefully, not clicking casually. We carry all of the most valuable and private information we have on our smartphones, and we gladly give those devices access to the cloud storage where we store the rest. Our phones know where we live and work, and where we bank and spend. That’s worth remembering before inviting strangers into our virtual homes and giving them permission to roam around simply because they ask nicely.

The post Android Warning: Thousands Of Dangerous Copycat Apps On Google Play, Study Finds appeared first on Artificial Intelligence.

Google uses a clustering algorithm to automatically analyze Android apps and detect which ones can be considered intrusive, write Google security engineers Martin Pelikan, Giles Hogben, and Ulfar Erlingsson.

Intrusive apps are those that require the user to grant a larger set of capabilities than what would be strictly required for their proper functioning. For example, as Google engineers explain, a coloring book app will not usually need access to geolocation data. Other examples of capabilities that not all apps need to do their job are access to personal data, camera, address book, etc. Granting more privileges than strictly necessary is a potentially harmful, since you cannot really know what those data are used for. Among the most frequent cases of harmful app behaviours are: backdoors, spyware, data collection, denial of service, and many more.

The approach that Google follows to detect intrusive apps is based on the concept of functional peer group, i.e. a group of apps that share similar features and that should therefore require a similar set of authorizations. Once those groups are formed, it becomes possible to detect anomalous apps in each group, meaning those apps that require more privileges than similar apps do. This approach requires monitoring the Android Play Store, collecting detailed statistics, and discovering user expectations, so that app groups can be determined automatically. Indeed, according to Google engineers, fixed categorization and manual curation would be a tedious and error-prone task.

To make this approach more effective, Google uses deep learning to discover groups of apps that share similar characteristics using those apps’ metadata, which include textual descriptions and install metrics. Once peer groups are defined, anomaly detection is used inside of each group to identify anomalous apps, i.e. apps that show a mismatch between the privileges they require and their functionality. Anomalous apps are then inspected thoroughly to decide which ones are actually intrusive. That information is used also to determine which apps should be promoted, as well as to get in touch with potentially intrusive apps’ developers and help them improve the privacy and security of their apps.

The post Google Uses Machine Learning to Identify Intrusive Android Apps appeared first on Artificial Intelligence.