Data Model for Android Package Information and Its Application to Risk Analysis System.

ABSTRACTAndroid Package (APK) analysis is one of the basic processes for risk analysis of Androids. It requires huge amounts of APK files and related information to produce meaningful output, but individual organizations collecting and accumulating these in isolation is inefficient; collaborative accumulation of information is of greater help. This paper provides a data model for describing and exchanging information on APK files that can be used for analyzing their security risks. The model facilitates efficient exchange, sharing, and accumulation of such information. We then introduce a prototype implementation that accumulates and analyzes APK information and that visualizes security risks of the Android terminals to demonstrate the usability of the proposed data model. The paper discusses future directions of this work based on the prototype.