motidahari/Mobile-Security-ML-Android-Malware-Detection


This project analyzes a dataset of Android applications in order to identify malicious apps. The dataset consisted of 1817 apps, with 165 of them labeled as malicious and 1652 labeled as benign. Various fields were extracted from each app: sha256, label, app_permissions, api_permissions, api_calls, activities, s_and_r, interesting_calls, urls, and providers. These features were used to train a machine learning model, specifically a Support Vector Machine (SVM) with a linear kernel, as well as other machine learning models such as Logistic Regression, KNeighborsClassifier, DecisionTreeClassifier, and GradientBoostingClassifier. The dataset also included a list of different categories such as b'_TestPay2', b'DeviceListActivity', b'_Query', etc., and Android API calls such as android/app/Activity;->startActivityForResult, android/media/AudioManager;->startBluetoothSco, etc.

The information was pre-processed by extracting the features and storing them in a JSON file. This JSON file contains an array in which each object holds the features of one application. The features are binary: a value of 1 means the application has that component, and a value of 0, or a feature that does not appear in the object, means it does not. The pre-processing also handles missing data by filling missing values with 0.

The models were trained on the extracted features and their performance was evaluated using metrics such as accuracy, precision, recall, and F1-score. The results showed that the SVM model with a linear kernel performed the best, with an accuracy of 99.4%. The project also includes helper functions for extracting and arranging the information, a function to count the number of malicious and non-malicious apps, a function to order the result by the biggest malicious and benign numbers, and a function to export the result into a JSON file.
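The pre-processing and evaluation steps described above, as an added example that is not code from this repository: it turns sparse JSON records into a binary matrix with missing values filled with 0, then computes the four metrics for a classifier that always answers "benign" on the README's 165/1652 split, which gives the baseline the reported accuracy should be read against. The sample records, the `group::name` key layout, the label encoding (1 = malicious) and the exclusion of `sha256` from the matrix are assumptions.

```python
import json

# Constructed sample records, not taken from the project's dataset.
# Assumed layout: "group::name" feature keys, label 1 = malicious.
SAMPLE_JSON = """[
  {"sha256": "sample-a", "label": 1,
   "app_permissions::android_permission_INTERNET": 1,
   "interesting_calls::getSystemService": 1},
  {"sha256": "sample-b", "label": 0,
   "app_permissions::android_permission_INTERNET": 1},
  {"sha256": "sample-c", "label": 0,
   "interesting_calls::getSystemService": null}
]"""

# This example's choice: treat these as identifiers, not matrix columns.
META_KEYS = {"sha256", "label"}

def vectorize(records):
    """Return (columns, X, y); absent or null features become 0."""
    columns = sorted({k for r in records for k in r} - META_KEYS)
    X = [[1 if r.get(c) else 0 for c in columns] for r in records]
    y = [int(r["label"]) for r in records]
    return columns, X, y

def metrics(y_true, y_pred):
    """Accuracy, precision, recall and F1 for the malicious class (1)."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    tn = len(y_true) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": precision,
            "recall": recall, "f1": f1}

def majority_baseline(n_malicious=165, n_benign=1652):
    """Score a classifier that always answers 'benign' on the README's split."""
    y_true = [1] * n_malicious + [0] * n_benign
    return metrics(y_true, [0] * len(y_true))

if __name__ == "__main__":
    print(vectorize(json.loads(SAMPLE_JSON)))
    print(majority_baseline())
```

The always-benign baseline reaches about 90.9% accuracy with zero recall on the malicious class, so recall and F1 on the 165 malicious apps say more about detection quality than accuracy does.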

The project also includes an explanation of the most significant features that were found in the dataset, such as "sha256", which is responsible for identifying the application, "interesting_calls::getSystemService", which is responsible for the security of the system, and "app_permissions::android_permission_INTERNET", which is responsible for the internet access permission. The project also includes the use of various models such as Logistic Regression, KNeighborsClassifier, DecisionTreeClassifier, and GradientBoostingClassifier.

In conclusion, this project demonstrates how machine learning can be used to effectively detect malicious Android apps. The results indicate that the SVM model with a linear kernel is the best performing model, and the extracted features provide valuable insights into the characteristics of malicious apps. The proposed approach can be applied to other malware detection tasks, and further research can be done to improve the performance and security of the model.

Furthermore, this project also highlights the importance of pre-processing and handling missing data in order to ensure the quality of the dataset and the accuracy of the models. The use of different models also allows for a comprehensive evaluation of the performance of each model and the ability to select the best performing model for the task at hand. Additionally, the inclusion of helper functions for data analysis and visualization enables a deeper understanding of the dataset and the characteristics of malicious apps. This project serves as a valuable resource for researchers and practitioners in the field of mobile security, as it provides a clear and effective approach for detecting malicious Android apps using machine learning. With the proliferation of mobile devices, the need for effective mobile security is becoming increasingly important, and this project is a step towards addressing this need.
