1 Introduction

ADB (Android Debug Bridge) is a multipurpose command-line tool. When a computer is connected to an Android device over a USB cable, it allows communication with the device and actions such as installing and debugging applications through a Unix shell. It has three components:

  1. Client: sends commands from the development computer. The client is invoked by issuing a command from a command-line terminal.

  2. Daemon (adbd): runs in the background on the Android device and executes commands there.

  3. Server: runs as a background process on the development computer and manages the communication between the client and the daemon [1].

A study by the International Data Corporation (IDC) reports that Android still dominates the smartphone market with a share of more than 86%. Its popularity keeps growing as more sensitive operations and features are built into the platform [2]. At the same time, Android malware is also growing, and with increasingly complex anti-analysis techniques and logic [3]. Mobile malware is malicious software that specifically targets mobile operating systems. Today malware is used for many purposes, such as tracking user activity, spreading spam and stealing data [4], and a single sample is often used for more than one purpose. Two terms are needed to classify malware: malware type (its general functionality, i.e. what it does) and malware family (its particular functionality, i.e. how it acts) [5, 6].

2 Literature Review

The paper “M0droid: An android behavioural-based malware detection model” [7] presents a model for detecting malicious code and harmful scripts on an Android device. In its workflow an application is installed on the mobile device and the collected data is analyzed on a server. The reported experiments give a detection rate of 60.16% with a false-positive rate of 39.43%.

SAndroid [8] improved the detection of malware and harmful scripts through application signatures [9, 10] and through the detection and tracking of malicious process signatures [11, 12]. The method has drawbacks, however, such as high battery consumption.

Canfora et al. [13] evaluated several techniques for detecting malicious apps. Their approach, which is also effective for desktop malware, classifies the malicious applications. In practice they reach a precision of 0.96 in distinguishing malicious applications and 0.978 in determining the malware family.

Feizollah et al. [14] proposed AndroDialysis to evaluate how effective Android application Intents, both explicit and implicit, are as a feature for identifying malicious applications. They argue that Intents carry richer semantics than other features [15], while noting that Intents alone are not a complete solution and should be combined with other well-known effective features [16, 17]. Their results are based on a dataset of 7406 apps (5560 malicious and 1846 clean). They reach 91% accuracy using Android Intents, 83% using Android permissions, and a detection rate of 95.5% by combining the two. They conclude that Intents are more useful than permissions for malware identification [18].

Another paper, “Comparative study of mobile forensic tools” [19], describes a method called FAMOUS (Forensic Analysis of Mobile Devices), which examines an app's permissions to decide whether the app is malware. Tools such as Droid Scope [20] and Profile Droid analyze APK files for signs of malware. The paper “On the Efficacy of Using Android Debugging Bridge for Android Device Forensics” [21] concludes that ADB cannot flag a file as malicious on its own, but can effectively find and extract malware files that are present on the device [22].

The reviewed literature covers malware detection using system calls, Intents, the manifest file, the permissions requested by the application, and ADB (Android Debug Bridge). Very few studies use ADB, and more work can be done on using the Android Debug Bridge as a malware detector [23,24,25].

3 Implementation

To detect malware on an Android phone, a shell script and a text file are created. The shell script is named checkapk.sh and the text file malwarehashes.txt. checkapk.sh contains the script that detects and removes malware from the phone, and malwarehashes.txt contains the hash values of known malware.

3.1 Steps of Implementation

  • Step 1: Connect the phone to a laptop or computer that has the ADB command-line tool installed. Enable USB debugging in the Developer options and accept the permission prompts. To unlock Developer options, tap the build number seven times in the About phone menu.

  • Step 2: Type the following commands in the command line:

    1. “adb shell”: the first connection triggers the USB debugging authorization prompt on the phone; accepting it grants the computer permission to communicate with the phone through ADB.

    2. “exit”: leaves the device shell.

  • Step 3: Type the command “bash checkapk.sh” and the script starts running.

The detection and removal of malware runs until the “Success” message appears.

Backend working:

  1. The shell script written to detect and remove malware consists of ADB and Linux commands. It fetches the packages installed on the Android phone and removes a package if it is identified as malware.

  2. When the script is executed, the packages present on the phone are fetched with their full package name and APK location. Using the location of each package, the md5sum of its APK is computed and stored in a file named apphashes.txt.

  3. After apphashes.txt has been generated, the hash values in it are compared with the hash values of known malware already stored in malwarehashes.txt.

If a hash value is found in both files, the package with that hash is uninstalled and permanently deleted. If no hash value is common to both files, the message “No malware detected” is shown on the screen.

Finally, the script uses the “rm” command to delete all the files generated during the run, so that the internal storage used by the script is kept to a minimum (Fig. 1).
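The implementation steps and the three backend steps above, written out as one working script. This is an added example and not the paper's own checkapk.sh, which is not reproduced in the paper. It assumes that `adb` is on the PATH, that the phone has been authorized for USB debugging, that the device shell provides `pm` and `md5sum` (toybox, Android 6 and later), and that malwarehashes.txt holds one MD5 per line; the file names and the printed messages are the ones the paper uses. Only the parsing and hash-matching functions need to run offline; everything that talks to the phone is confined to `collect_hashes`, `require_device` and `main`.

```bash
#!/usr/bin/env bash
# Added example: a self-contained reconstruction of the checkapk.sh workflow
# described in the paper (list packages, hash each APK, compare against
# malwarehashes.txt, uninstall matches, clean up). Not the paper's own script.
# Assumptions: `adb` on PATH, phone authorized for USB debugging, device shell
# provides `pm` and `md5sum` (toybox, Android 6+).
set -euo pipefail

MALWARE_HASHES="${MALWARE_HASHES:-malwarehashes.txt}"   # one MD5 per line
APP_HASHES="${APP_HASHES:-apphashes.txt}"               # generated: "md5 apk_path package"

# Parse one line of `pm list packages -f` output, e.g.
#   package:/data/app/com.example-1/base.apk=com.example
# into "apk_path<TAB>package". Splitting on the last '=' keeps any '=' that
# appears inside the path intact (package names cannot contain '=').
parse_pm_line() {
  local line="${1#package:}"
  printf '%s\t%s\n' "${line%=*}" "${line##*=}"
}

# Require exactly one attached device in state "device". A state of
# "unauthorized" means the USB-debugging prompt on the phone was not accepted.
require_device() {
  local states
  states="$(adb devices | awk 'NR>1 && NF==2 { print $2 }')"
  [ "$states" = "device" ] || {
    echo "Need exactly one authorized device (got: ${states:-none})" >&2
    return 1
  }
}

# Fetch every installed package, hash its APK on the device and write
# "md5 apk_path package" lines to $APP_HASHES (the paper's step 2).
collect_hashes() {
  : > "$APP_HASHES"
  adb shell pm list packages -f | tr -d '\r' | while IFS= read -r line; do
    IFS=$'\t' read -r apk pkg <<<"$(parse_pm_line "$line")"
    # md5sum prints "hash  path"; keep only the hash.
    sum="$(adb shell md5sum "$apk" | tr -d '\r' | cut -d' ' -f1)"
    printf '%s %s %s\n' "$sum" "$apk" "$pkg" >> "$APP_HASHES"
  done
}

# Print the package names whose APK hash appears in the known-bad list
# (the paper's step 3). awk loads the bad-hash file first, then joins on
# field 1; hashes are compared case-insensitively.
find_matches() {
  local bad="$1" apps="$2"
  awk -v badfile="$bad" '
    FILENAME == badfile { if ($1 != "") seen[tolower($1)] = 1; next }
    (tolower($1) in seen) { print $3 }' "$bad" "$apps"
}

main() {
  require_device
  echo "WAIT"
  collect_hashes
  local matches count
  matches="$(find_matches "$MALWARE_HASHES" "$APP_HASHES")"
  if [ -z "$matches" ]; then
    echo "No malware detected"
  else
    count=$(printf '%s\n' "$matches" | wc -l)
    echo "Malware detected: $count"
    # adb uninstall removes user-installed apps only; pre-installed system
    # packages fail here and are reported rather than silently skipped.
    while IFS= read -r pkg; do
      adb uninstall "$pkg" >/dev/null || echo "Could not uninstall $pkg" >&2
    done <<<"$matches"
    echo "Malware removed"
  fi
  rm -f "$APP_HASHES"   # the paper's final cleanup step
  echo "Success"
}

# Usage: bash checkapk.sh scan
if [ "${1:-}" = "scan" ]; then
  main
fi
```

Two caveats a practitioner would keep in mind: a hash list only matches the exact APK bytes it was built from, so a repacked or re-signed copy of the same malware gets a different digest and is missed, and MD5 collisions are cheap enough that a stronger digest such as SHA-256 (`sha256sum` is also in toybox) is the better choice for a blocklist. `pm list packages -f` also reports only the base APK of a split install, so the remaining splits are never hashed.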

Fig. 1
Running shell script (terminal screenshot: root@kali:~# bash checkapk.sh, with the script printing WAIT)

4 Result

The script created in this research detects and removes malware using the Android Debug Bridge. Two scenarios exist, since a device may or may not contain malware. Figures 2 and 3 show the output when the device has no malware and when it has exactly one malware sample, respectively.

Fig. 2
No malware detected (terminal screenshot: root@kali:~# bash checkapk.sh, with the script printing “No malware detected”)

Fig. 3
One malware detected (terminal screenshot: root@kali:~# bash checkapk.sh, with the script printing “Malware detected: 1”, “Malware removed” and “Success”)

4.1 Comparative Analysis of Our Study with Pre-existing Tools

For the comparative analysis, a malware sample was generated with msfvenom (Metasploit) and installed on an Android device. Several antivirus apps were then used to detect it, the script created in this research was run on the same device, and the results are compared below.

Table 1 compares the antivirus tools that were tested. Some applications on the Play Store also required credit card details for a free trial of a few days and then asked for payment. The table compares the tools on the basis of the permissions they require: whenever a third-party tool is used there is a security concern, because the permissions needed to run the software may give it access to confidential information. With ADB, by contrast, only the owner of the device holds the permission, no third-party tool is involved, and malware can still be detected and removed efficiently.

Table 1 Comparative analysis

5 Conclusion

This paper shows that users can themselves detect and remove malware on an Android device, without compromising security, by using the Android Debug Bridge. With the help of a shell script, malicious software can be detected and removed effectively without involving any third-party application. Most of the free third-party applications tested were unable to detect and remove the malware injected on the test phone. They also require permission to access the internal storage and any external SD or memory card, and some ask for credit or debit card details for a free trial. The shell script produced in this research, by contrast, can be run by the user alone, without any third-party application or software: users execute the script on their computer and the malware is removed if any is detected.