{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T22:05:47Z","timestamp":1766181947639,"version":"build-2065373602"},"reference-count":20,"publisher":"MDPI AG","issue":"17","license":[{"start":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T00:00:00Z","timestamp":1661904000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Lisboa2020\/Portugal2020\/EU","award":["33953","FCT Project UIDB\/MULTI\/04466\/2020 (ISTAR-IUL)","UIBD\/EEA\/50008\/2020"],"award-info":[{"award-number":["33953","FCT Project UIDB\/MULTI\/04466\/2020 (ISTAR-IUL)","UIBD\/EEA\/50008\/2020"]}]},{"name":"Instituto de Telecomunica\u00e7\u00f5es","award":["33953","FCT Project UIDB\/MULTI\/04466\/2020 (ISTAR-IUL)","UIBD\/EEA\/50008\/2020"],"award-info":[{"award-number":["33953","FCT Project UIDB\/MULTI\/04466\/2020 (ISTAR-IUL)","UIBD\/EEA\/50008\/2020"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The widespread usage of mobile devices and their seamless adaptation to each user\u2019s needs through useful applications (apps) makes them a prime target for malware developers. Malware is software built to harm the user, e.g., to access sensitive user data, such as banking details, or to hold data hostage and block user access. These apps are distributed in marketplaces that host millions and therefore have their forms of automated malware detection in place to deter malware developers and keep their app store (and reputation) trustworthy. Nevertheless, a non-negligible number of apps can bypass these detectors and remain available in the marketplace for any user to download and install on their device. Current malware detection strategies rely on using static or dynamic app extracted features (or a combination of both) to scale the detection and cover the growing number of apps submitted to the marketplace. In this paper, the main focus is on the apps that bypass the malware detectors and stay in the marketplace long enough to receive user feedback. This paper uses real-world data provided by an app store. The quantitative ratings and potential alert flags assigned to the apps by the users were used as features to train machine learning classifiers that successfully classify malware that evaded previous detection attempts. These results present reasonable accuracy and thus work to help to maintain a user-safe environment.<\/jats:p>","DOI":"10.3390\/s22176561","type":"journal-article","created":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T03:55:38Z","timestamp":1662004538000},"page":"6561","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Automated Android Malware Detection Using User Feedback"],"prefix":"10.3390","volume":"22","author":[{"given":"Jo\u00e3o","family":"Duque","sequence":"first","affiliation":[{"name":"ISTAR-Iscte, Iscte\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4693-7096","authenticated-orcid":false,"given":"Goncalo","family":"Mendes","sequence":"additional","affiliation":[{"name":"Aptoide, S.A., 1600-196 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7072-0925","authenticated-orcid":false,"given":"Lu\u00eds","family":"Nunes","sequence":"additional","affiliation":[{"name":"ISTAR-Iscte, Iscte\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9519-4634","authenticated-orcid":false,"given":"Ana","family":"de Almeida","sequence":"additional","affiliation":[{"name":"ISTAR-Iscte, Iscte\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisboa, Portugal"},{"name":"CISUC\u2014Center for Informatics and Systems of the University of Coimbra, 3004-531 Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4847-2432","authenticated-orcid":false,"given":"Carlos","family":"Serr\u00e3o","sequence":"additional","affiliation":[{"name":"ISTAR-Iscte, Iscte\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisboa, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2022,8,31]]},"reference":[{"key":"ref_1","unstructured":"McAfee (2022, June 01). Mobile Threats Report. Available online: https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-mobile-threat-report-2019.pdf."},{"key":"ref_2","unstructured":"StatCounter (2022, June 01). Mobile Operating System Market Share Worldwide. Available online: https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide."},{"key":"ref_3","unstructured":"TheRegister (2022, June 01). Earn 8000 a Month with Bogus Apps from Russian Malware Factories. Available online: http:\/\/www.theregister.co.uk\/2013\/08\/05\/mobile_malware_lookout\/."},{"key":"ref_4","unstructured":"Nigam, R. (2022, June 01). A Timeline of Mobile Botnets, Virus Bulletin. Available online: https:\/\/www.virusbulletin.com\/blog\/2015\/03\/paper-timeline-mobile-botnets."},{"key":"ref_5","unstructured":"InformationWeek (2022, June 01). Cybercrime Black Markets Grow Up. Available online: http:\/\/www.informationweek.com\/cybercrime-black-markets-grow-up\/d\/d-id\/1127911."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., and Kirda, E. (2007, January 10\u201314). Limits of Static Analysis for Malware Detection. Proceedings of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, USA.","DOI":"10.1109\/ACSAC.2007.21"},{"key":"ref_7","unstructured":"Xu, R., Sa\u00efdi, H., and Anderson, R. (2012, January 8\u201310). Aurasium: Practical Policy Enforcement for Android Applications. Proceedings of the 21st USENIX Security Symposium (USENIX Security 12), Bellevue, WA, USA."},{"key":"ref_8","unstructured":"Duque, J. (2020). Malware Detection Based on Dynamic Analysis Feature. [Master\u2019s Thesis, Iscte-Instituto Universit\u00e1rio de Liboa]."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3017427","article-title":"The Evolution of Android Malware and Android Analysis Techniques","volume":"49","author":"Tam","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_10","unstructured":"Mori, P., Furnell, S., and Camp, O. (2018). Application Marketplace Malware Detection by User Feedback Analysis. Information Systems Security and Privacy, Springer International Publishing."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"106290","DOI":"10.1016\/j.infsof.2020.106290","article-title":"Identifying security issues for mobile applications based on user review summarization","volume":"122","author":"Tao","year":"2020","journal-title":"Inf. Softw. Technol."},{"key":"ref_12","unstructured":"Pandita, R., Xiao, X., Yang, W., Enck, W., and Xie, T. (2013, January 14\u201316). WHYPER: Towards Automating Risk Assessment of Mobile Applications. Proceedings of the 22nd USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1109\/MS.2014.50","article-title":"What Do Mobile App Users Complain About?","volume":"32","author":"Khalid","year":"2015","journal-title":"IEEE Softw."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1067","DOI":"10.1007\/s10664-015-9375-7","article-title":"Analyzing and automatically labelling the types of user issues that are raised in mobile app review","volume":"21","author":"McIlroy","year":"2016","journal-title":"Empir. Softw. Eng."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Ciurumelea, A., Schaufelb\u00fchl, A., Panichella, S., and Gall, H.C. (2017, January 20\u201324). Analyzing reviews and code of mobile apps for better release planning. Proceedings of the 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), Klagenfurt, Austria.","DOI":"10.1109\/SANER.2017.7884612"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Scoccia, G.L., Ruberto, S., Malavolta, I., Autili, M., and Inverardi, P. (2018, January 27\u201328). An Investigation into Android Run-Time Permissions from the End Users\u2019 Perspective. Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, Gothenburg, Sweden. MOBILESoft \u203218.","DOI":"10.1145\/3197231.3197236"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"106466","DOI":"10.1016\/j.infsof.2020.106466","article-title":"Mobile app privacy in software engineering research: A systematic mapping study","volume":"133","author":"Ebrahimi","year":"2021","journal-title":"Inf. Softw. Technol."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3574","DOI":"10.1108\/IJCHM-05-2017-0302","article-title":"Hotel online reviews: Creating a multi-source aggregated index","volume":"30","author":"Antonio","year":"2018","journal-title":"Int. J. Contemp. Hosp. Manag."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Kiritchenko, S., Zhu, X., Cherry, C., and Mohammad, S. (2014, January 23\u201324). NRC-Canada-2014: Detecting Aspects and Sentiment in Customer Reviews. Proceedings of the 8th International Workshop on Semantic Evaluation (SemEval 2014), Dublin, Ireland.","DOI":"10.3115\/v1\/S14-2076"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"954","DOI":"10.1093\/biomet\/87.4.954","article-title":"A New Family of Power Transformations to Improve Normality or Symmetry","volume":"87","author":"Yeo","year":"2000","journal-title":"Biometrika"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/17\/6561\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:20:50Z","timestamp":1760142050000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/17\/6561"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,31]]},"references-count":20,"journal-issue":{"issue":"17","published-online":{"date-parts":[[2022,9]]}},"alternative-id":["s22176561"],"URL":"https:\/\/doi.org\/10.3390\/s22176561","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2022,8,31]]}}}