Detecting android malware according to observations on user activities

The ability for mobile devices to hold a growing amount of personal data, credits on digital portfolios, etc. increases the risks due to data leaks. Therefore, the need to improve the security in such devices has become paramount. Guided by this goal, in this paper we present an approach to identify at runtime whether an operation carried out in the device is normal (benign) or abnormal (malicious). For this, we monitor the previous behaviour of the user. An application has been created that collects data relating to the user's data traffic (such as wifi downloaded bytes) in the background, allowing us to establish whether a new operation on the device is in line with previous ones. This gives life to a new kind of security enforcement on the device. The experiments were performed by collecting data taken from Android devices and have shown that anomalous operations can be detected with a high probability.