Here comes a software that can identify malicious apps, especially available on Google Play Store, by checking their behaviour against patterns of known attacks.
Named 'Chabada', for every app, it analyses the description of the app's functionality that can be read in the app store.
“Apps whose functionality is described in the app store should behave accordingly. If that is not the case, they are suspect,” said Andreas Zeller, professor of software engineering at Saarland University in Germany who invented this software.
Using programme analysis, Chabada detects which data and services are accessed by the Apps.
“Like travel apps normally access the current location and a server to load a map. So a travel app secretly sending text messages is suspicious," explained Zeller.
The researchers applied this approach on 22,521 apps from the Google Play Store.
With a purpose-built script, they downloaded 150 most popular apps in 30 categories from Google Play Store.
'Chabada' then analysed them. Finally, computer scientists investigated the 160 most significant outliers to verify Chabada's selection.
The result: It detected 56 percent of the existing spy apps without knowing their behaviour patterns beforehand.
Downloaded onto a smart phone, the malware installed other programmes which secretly sent text messages to expensive premium services.
“In the future, 'Chabada' could serve as a kind of gatekeeper, ensuring that malicious apps will never make it into an app store,” explained Zeller.
Google has also already invited Zeller and his colleagues to have Chabada analyse the whole Google App Store.