Analysis of Android Applications Shared on Twitter Focusing on Accessibility Services

Abstract

As the use of mobile devices for financial payments continues to increase, prevention of attacks by Android malware becomes critical. In this study, we collected apps shared on Twitter in 2018 to create a Twitter shared apps dataset. We also clarified the proportion of apps that contained malware and those utilizing accessibility services (ASs). Furthermore, we faced issues in determining whether an app is suspicious or benign using VirusTotal results and extracting permissions from apps. Using VirusTotal, we studied the distribution of the number of apps for each anti-virus engine that “detected” malware and analyzed the changes in results over time to determine thresholds. Additionally, we examined methods for extracting permissions using Apktool and the aapt command, installed apps that were judged to request ASs and examined whether they were requested to obtain more accurate results. We analyzed the usage rate of ASs and the requested permissions. Furthermore, we analyzed the target Android application program interface levels of suspicious apps that use ASs.