Free University of Bolzano
In this paper, the authors present a methodology for mobile forensics analysis, to detect \"Malicious\" (or \"Malware\") applications, i.e., those that deceive users hiding some of their functionalities. This methodology is specifically targeted for the Android mobile operating system, and relies on its security model features, namely the set of permissions exposed by each application. The methodology has been trained on more than 13,000 applications hosted on the Android Market, collected with AppAware. This aspect is particularly relevant, as mobile phones are also used when committing crimes: in many cases, for instance, wiretapping gives valuable benefits to investigations.