Malware for advanced mobile phones has soared throughout the most recent years. Market administrators confront the test of keeping their stores free from vindictive applications, an assignment that has turned out to be progressively mind boggling as malware designers are dynamically utilizing propelled systems to vanquish malware recognition instruments. One such system normally saw in late malware tests comprises of concealing and muddling modules containing malignant usefulness in spots that static examination devices disregard (e.g., inside of information articles). In this paper, we portray a dynamic investigation approach for recognizing such shrouded or jumbled malware segments appropriated as parts of an application bundle. It comprises of breaking down the behavioral contrasts between the first application and various naturally created forms of it, where various changes (issues) have been painstakingly infused. Noticeable contrasts as far as exercises that show up or vanish in the adjusted application are recorded, and the subsequent differential mark is broke down through an example coordinating procedure driven by standards that relate diverse sorts of shrouded functionalities with examples found in the mark. An exhaustive avocation and a depiction of the proposed model are given. The broad exploratory results acquired by testing ALTERDROID over important applications and malware tests bolster the quality and practicality of our Proposal.

Y. Wang, K. Streff, and S. Raman, “Smartphone security challenges,” IEEE Computer, vol. 45, no. 12, pp. 52–58, 2012.

L. Cai and H. Chen, “Touchlogger: inferring keystrokes on touch screen from smartphone motion,” in Proc. USENIX, ser. HotSec’11, Berkeley, CA, USA, 2011, pp. 9–9.

E. Fernandes, B. Crispo, and M. Conti, “Fm 99.9, radio virus: Exploiting fm radio broadcasts for malware deployment,” IEEE TIFS, 2013.

T. Vidas and N. Christin, “Sweetening android lemon markets: Measuring and combating malware in application marketplaces,” in Proc. ACM, ser. CODASPY ’13. ACM, 2013, pp. 197–208.

J. Oberheide and C. Miller, “Dissecting the android bouncer,” SummerCon2012, New York, 2012.

G. Suarez-Tangil, J. E. Tapiador, P. Peris, and A. Ribagorda, “Evolution, detection and analysis of malware for smart devices,” IEEE Comms. Surveys & Tut., vol. 16, no. 2, pp. 961–987, May 2014.

M. Rangwala, P. Zhang, X. Zou, and F. Li, “A taxonomy of privilege escalation attacks in android applications,” Int. J. Secur. Netw., vol. 9, no. 1, pp. 40–55, Feb. 2014.

S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, “Mast: Triage for market-scale mobile malware analysis,” in Proc. ACM, ser. WiSec ’13. New York, NY, USA: ACM, 2013, pp. 13–24

M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, “Riskranker: scalable and accurate zero-day Android malware detection,” in Proc., ser. MobiSys ’12. ACM, 2012, pp. 281–294.

Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,” in Proc. IEEE, ser. SP ’12. Washington, DC, USA: IEEE Computer Society, 2012, pp. 95–109.

G. Suarez-Tangil, J. E. Tapiador, and P. Peris-Lopez, “Stegomalware: Playing hide and seek with malicious components in smartphone apps,” in INSCRYPT 2014, December 2014.

A. Desnos and et al., “Androguard: Reverse engineering, malware and goodware analysis of android applications,” https://code.google.com/p/androguard/, Visited Feb.2015

Panxiaobo, “Apktool: A tool for reverse eng. android files,” https://code.google.com /p/android-apktool/, Visited Feb. 2015.

L. K. Yan and H. Yin, “Droidscope: seamlessly reconstructing the os and Dalvik semantic views for dynamic Android malware analysis,” in Proc. USENIX, ser. Security’12. Berkeley, CA, USA: USENIX Association, 2012, pp. 29–29.

G. Suarez-Tangil, J. E. Tapiador, P. Peris-Lopez, and J. Blasco, “Dendroid: A text mining approach to analyzing and classifying code structures in android malware families,” Expert Systems with Applications, vol. 41, no. 1, pp. 1104–1117, 2014.

V. I. Levenshtein, “Binary Codes Capable of Correcting Deletions, Insertions and Reversals,” S. Physics Doklady, vol. 10, p. 707, 1966.

T. Kumazawa and T. Tamai, “Counter example-based error localization of behavior models,” in Proc., ser. NFM’11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 222–236.

G. Suarez-Tangil, F. Lombardi, J. E. Tapiador, and R. Di Pietro, “Thwarting obfuscated malware via differential fault analysis,” IEEE Computer, vol. 47, no. 6, pp. 24–31, June 2014.

C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou, “Smartdroid: an automatic system for revealing UI-based trigger conditions in Android applications,” in Proc. ACM, ser. SPSM ’12. N