Cryptography, Security, and Privacy (CrySP)

This speaker series is made possible by an anonymous charitable donation in memory of cypherpunks and privacy advocates Len Sassaman, Hugh Daniel, Hal Finney, and Caspar Bowden.

View the list of past and upcoming speakers

On Mobile Malware

N. Asokan, Aalto University

[Download (MP4)]

December 16, 2013 1:15pm, in DC 1302


There is little information from independent sources in the public domain about mobile malware infection rates in the wild. The only previous independent and rigorous estimate (0.0009%) was based on indirect measurements obtained from domain name resolution traces. In this talk, I will present our study of malware infection rates and associated risk factors using data collected directly from over 55,000 Android devices. We find that the malware infection rates in Android devices estimated using our malware datasets (0.28% and 0.26%), though small, are significantly higher than the previous independent estimate. Using our datasets, we investigate how predictors extracted inexpensively from the devices correlate with malware infection. Our analysis demonstrates a marginally significant difference in battery use between infected and clean devices.

Based on the hypothesis that some application stores have a greater density of malicious applications and that advertising within applications and cross-promotional deals may act as infection vectors, we investigate whether the set of applications used on a device can serve as a predictor for that device becoming infected. Our analysis indicates that this alone is not an accurate predictor for pinpointing infection. However, it is a very inexpensive but surprisingly useful way for significantly narrowing down the pool of devices on which expensive monitoring and analysis mechanisms can be deployed. We show with our malware datasets, this predictor performs 4.8 and 4.6 times (respectively) better than the baseline of random checks. Such predictors can be used, for example, in the search for new or previously undetected malware. It is therefore a technique that can complement standard malware scanning by anti-malware tools.


N. Asokan is a Professor of Computer Science and Engineering at Aalto University and a Professor Computer Science at the University of Helsinki. Until recently, he worked in industrial research laboratories designing and building secure systems, first at the IBM Zurich Research Laboratory and then at Nokia Research Center. His primary research interest has been in applying cryptographic techniques to design secure protocols for distributed systems. Recently, he has been focusing on security for mobile devices and users. Asokan received his doctorate in Computer Science from the University of Waterloo.