Androscanreg 2.0: Enhancement of Android Applications Analysis in a Flexible Blockchain Environment

Abdellah Ouaguid, Fadwa Fathi, Mouad Zouina, Mohammed Ouzzif, Noreddine Abghour
Copyright: © 2022 | Pages: 28
DOI: 10.4018/IJSI.309724

Abstract

In this article, the authors propose a new method based on blockchain technology that provides analysis of Android applications in a decentralized, flexible, and reliable way. The proposed approach improves on the typical operation of blockchain technology, which considers invalid (or “fraudulent”) any outcome that differs from the results found by the majority of network nodes. However, ignoring any result that differs from the majority without starting additional verification can cause losses in terms of data, time, computing power, or even system reliability and the integrity of its data. The purpose of the presented approach is to confirm or deny the legitimacy of any outcome that differs from the majority. This new concept will facilitate the detection of polymorphic programs by allowing nodes to adopt specific environments at any time, reducing the rejection of results wrongly deemed to be fraudulent. A proof of concept has been designed and implemented, showing the feasibility of the proposed approach with a real case study.

Introduction

Known for its remarkable dominance in the mobile market over other competitors, the Android ecosystem occupies a significant share of around 85% of the global mobile device market (IDC, 2020), and this increases the risk of it being the preferred target of mobile cybercrime attacks (Ahvanooey, Li, Rabbani, & Rajput, 2020). These attacks try to exploit the vulnerabilities (known or not) in the building blocks and components of this operating system to control the resources present on victims’ devices and get hold of personal and confidential user data.

Due to its open-source nature, Android OS is widely adopted by several mobile manufacturers, on several products (mobile, tablet, smart TV, smartwatch, etc.) and ranges (high, medium, or low range), so that they remain competitive on a global scale and within the reach of future users with limited financial capacity. These constraints have significantly segmented the Android ecosystem (AppBrain, 2021) and made it difficult for manufacturers to offer rapid updates and patches to users, which has endangered the security of the various devices on the market that run Android as their OS (WIRED, 2018). All of these and other challenges only make it easier to install, deploy, and spread malware and thereby broaden its attack vector with minimal effort, cost, and time.

Reliable detection of all malicious behavior resulting from malware or infected applications is a research axis widely discussed in the literature. Indeed, several approaches have been proposed that dissect the analysis process put in place, and whose adopted technique can be static, dynamic, or hybrid (Ouaguid, Ouzzif, & Abghour, 2020). The processing in these approaches is generally performed by a centralized system that can be hosted locally on the end-user device, deployed on a local machine, or run in the Cloud (SaaS) by an entity deemed to be trusted. The availability, transparency, and integrity of the results obtained by this system are far from guaranteed, especially given the risk that such a system represents a single point of failure (SPOF) and may itself fall victim to a blockage, a data compromise, or an alteration of its proper functioning (via targeted cyber-attacks).

Deployment and local execution of analysis processes on users’ computers or servers was and still is the “traditional” implementation of malware scanning and detection solutions. However, adopting the same approach on end users’ smartphones can slow down the execution of previously installed applications or block (totally or partially) the basic functions of the smartphone (making calls, reading messages, taking pictures, etc.). This can be easily observed on mid- to low-range smartphones marketed successfully in emerging markets (Gartner, 2020) because of their fairly average technical configuration.

Due to the aforementioned technical limitations, several decentralized approaches have been proposed that outsource the analysis and detection of malicious applications either to a system based on a native distributed architecture or to an emerging technology such as Blockchain. Indeed, in the research work by Ouaguid, Abghour, & Ouzzif (2018), the authors proposed a framework called “AndroScanReg (Android permissions scan register)” that allows, via decentralized and autonomous entities, the extraction and analysis of the permissions requested by Android applications during their installation. Based on Blockchain technology, AndroScanReg guarantees high availability of the service provided while ensuring the immutability and integrity of the data exchanged, which consists solely of the analysis results generated by the system.
