Question 1

How does RiskInDroid compare to other Android malware scanners like AndroBugs?

Accepted Answer

RiskInDroid focuses on quantitative risk scoring using machine learning and deep permission analysis from bytecode, while tools like AndroBugs often detect specific vulnerabilities. It provides a numeric risk value rather than a list of issues.

Question 2

How to retrain the machine learning models in RiskInDroid?

Accepted Answer

Delete the contents of the app/models/ directory, and the models will be recreated from the source data the next time an app is analyzed. This allows updates to newer scikit-learn versions, as mentioned in the README tip.

Question 3

Does RiskInDroid work on apps from the Google Play Store or only APK files?

Accepted Answer

It analyzes APK files directly, so you need the APK for any app, including those from the Play Store. The web interface supports uploading APKs for analysis.

Question 4

What are ghost permissions in RiskInDroid?

Accepted Answer

Ghost permissions are those not declared in the manifest but with usages found in the bytecode, indicating potential security issues. This is part of the four permission sets extracted during analysis.

Question 5

Can RiskInDroid be integrated into an automated security pipeline?

Accepted Answer

Yes, but it requires running the Python backend or Docker container, which might need customization for automation. The web interface is more suited for interactive use.

Question 6

How accurate is the risk score from RiskInDroid?

Accepted Answer

The score is based on classifiers trained on over 6,000 malware and 112,000 benign apps, providing empirical validation. However, accuracy may vary with newer apps due to the dated dataset.

RiskInDroid

What is RiskInDroid?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions