Android

This dataset accompanies Andro-Profiler, a hybrid behavior-based Android malware analysis system. The system executes Android applications inside an emulator and collects integrated system logs, including system calls (with arguments) captured through a Loadable Kernel Module and high-level events (e.g., SMS, call, network I/O) captured through DroidBox. These logs are converted into human-readable behavior profiles reflecting actions such as premium-rate SMS sending, calling, sensitive-information leakage, and data-conversion behaviors.

This dataset is derived from the Andro-Dumpsys system, which analyzes Android applications through volatile memory acquisition and similarity-based profiling. During execution in an emulator, the system extracts odex bytecode to address challenges introduced by anti-analysis techniques such as packing, dynamic loading, and dex encryption. Creator-centric artifacts—including certificate serial numbers, operation code patterns, metadata from AndroidManifest.xml, suspicious API sequences, permission usage, and system command traces—are parsed to construct behavioral profiles.

hash,tags,files_opened,files_dropped,files_copied,files_written,files_deleted,activities_started,permissions_checked,calls_highlighted,signals_hooked,services_opened,invokes,system_property_lookups,dns_lookups,http_conversations,verdict_labels
 

This repo contains the results and analysis data used in the experiment reported in the paper "Anycast and Third-party Libraries: A Recipe for a Privacy Disaster?".

To this end, we conducted an experiment where we analyzed the personal data transfers of more than 5,500 Android apps, further identifying the libraries triggering the transfers and the destinations’ geolocation. The results show that 90% of third-party libraries and 98.65% of apps integrating them potentially fail to meet the requirements for international personal data transfers.

This dataset aims to provide researchers with the essential information to aid in the development and improvement surrounding system call pattern detection for crypto ransomware on Android.

Our dataset provides two sets of extracted and formatted system call logs. The first set consists of system call logs collected from 213 crypto ransomware and the second set consist of 502 benign Android applications.

The update of Android OS constantly brings users various new features and enhances system security. On the other hand, the system and API modifications with the update may introduce the app compatibility issue. The app's SDK version may not align with the Android OS version, making apps not work adequately. This condition will inevitably damage the Android ecosystem. Thus, while developing Android OS, Google considered and deployed compatibility support. The software engineering research community also noticed the Android compatibility issue and conducted some investigations.

There are two datasets: Drebin4000 and AMD6000.

We compared the performances of an LwM2M device management protocol implementation and FIWARE’s Ultralight 2.0. In addition to demonstrating the viability of the proposed approach, the obtained results point to mixed advantages/disadvantages of one protocol over the other.