Understanding Android Malware Families (UAMF) – The Foundations (Article 1)

Android malware is one of the most serious threats on the internet and has witnessed an unprecedented upsurge in recent years. There is a need to share the fundamental understanding of behaviour exhibited by prominent Android malware categories and families.

With the increasing number of Android users and devices, the number of exploits on Android apps is also on the rise. It has affected all sectors of business including healthcare, finance, transportation, government, and e-commerce. As the current trend continues, mobile attackers are developing more sophisticated intrusions by deploying malicious apps and malware. The Understanding Android malware families (UAMF) series features six articles that will highlight the main Android malware categories and families. Readers will learn about the threats’ behaviour and examine mitigation procedures. The articles in this series present the results of our Android malware analysis research project, which has been underway since 2017. We generated four datasets AAGM2017, AndMAl2017, InvestAndMAl2019, and AndMal2020 and related academic articles along with proposed Android malware detection and characterization solutions and techniques. 


Android is the leading operating system that provides high-performance platforms for users. According to a report published by the International Data Corporation (IDC), Android is dominating the market with 85 per cent of the global market share in the last quarter of 2020. Further, the annual shipment rate of Android is expected to grow by 150 million units in 2021. With the surging demand for Android in the global market, the challenges associated with Android malware are also escalating at a rapid rate. According to a report, as of March 2020, the total number of Android malware samples amounted to 482,579 per month [3]. These statistics are alarming and draw our attention to the menace accompanied by the legacy of the Android operating system. These malware samples can create havoc, if not detected.

Android malware is malicious software that targets smartphone devices running Android operating systems. It is like other malware samples that run on desktops or laptop computers. Android…