AndroCrawl: studying alternative Android marketplaces

SISTO, ALESSANDRO
2012/2013

Abstract

On mobile platforms, applications are distributed through app marketplaces: online stores where users can discover new software and automatically install it on their devices. In the Android ecosystem, thanks to its openness, a large number of alternative markets have emerged in recent years, in addition to the official Google Play Store. However, due to its fragmentation and the lack of systematic studies, the world of alternative markets is still poorly understood. The novel work we propose in this thesis aims to fill this gap by studying alternative Android marketplaces in detail and determining the level of risk they represent for users. Leveraging the application metadata that stores use to promote their products, we propose two sets of measurements to characterize marketplaces and to evaluate their security. We perform them on 318,515 Android applications, gathered in a period ranging from September to November 2013, from a carefully chosen group of 8 alternative markets. Among our key results, we found that at least 73.38% of the applications in each market are free. The average price for paid products ranges from 1.796$ to 3.949$, and the most prominent category is "games". Furthermore, we observed that marketplaces have a small number of intersections. From a security perspective, we discovered that 70,026 applications have been flagged as malicious by at least one antivirus, and most of the samples are unique to a specific alternative market. Among these, 81.88% are adware. Using application metadata, we also observed that malware authors distribute, on average, more than one malicious application with the same account, and in roughly 50% of the cases they also publish benign applications. Moreover, we discovered that, looking at the distributions of download values, malicious and benign apps are almost indistinguishable.
MAGGI, FEDERICO
ING - Scuola di Ingegneria Industriale e dell'Informazione
18-Dec-2013
Master's thesis (Laurea Magistrale)
Attached files
2013_12_SISTO.pdf (not accessible)
Description: Thesis text
Size: 4.68 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/10589/88407