What is ADMIRE?

ADMIRE is a system that lets you analyze different Android marketplaces, searching for potentially malicious applications.

How does it work?

First, the system collects a set of applications flagged as malicious by different sources. This set is called the seed.
Then, the system crawls different Android marketplaces, searching for applications that share a package name with a seed application. If a matching application is found, it is downloaded and all of its marketplace metadata is saved. Marketplace metadata is the information a marketplace provides about a particular application, such as developer name, number of downloads, number of reviews, user ratings, price, version and so on.
After the download, the system also analyzes the APK to extract package information, such as the MD5 hash, certificate fingerprint and permissions list.
For each APK the system computes the similarity level with the seed application: if the downloaded app has only the package name in common with the seed application, the match type is weak; if the MD5 hashes are the same, the match type is strong, since this means that the applications are exactly the same.
Periodically, downloaded apps are also submitted to VirusTotal to collect analysis results from different antivirus engines.
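
The weak/strong classification described above can be sketched as follows. This is an added example, not ADMIRE's own code: the record layout, function names, package names and marketplace labels are assumptions, and constructed byte strings stand in for real APK files.

```python
import hashlib
import io
from collections import defaultdict

def md5_of(stream, chunk_size=65536):
    """Hash an APK stream in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def index_seeds(seeds):
    """Group seed hashes by package name; a package may have several seed builds."""
    by_package = defaultdict(set)
    for seed in seeds:
        by_package[seed["package"]].add(seed["md5"])
    return by_package

def classify(package, apk_stream, seed_index):
    """Return 'strong', 'weak' or None for one crawled APK."""
    seed_hashes = seed_index.get(package)
    if not seed_hashes:
        return None  # package name is not in the seed: not a candidate
    # Same package name and same MD5: byte-identical to a seed app.
    return "strong" if md5_of(apk_stream) in seed_hashes else "weak"

# Constructed sample data (hypothetical names, fake APK contents).
SEED_APK = b"constructed-seed-apk-bytes"
OTHER_BUILD = b"constructed-different-build"
SEEDS = [{"package": "com.example.flagged",
          "md5": hashlib.md5(SEED_APK).hexdigest()}]
CRAWLED = [
    ("market-a", "com.example.flagged", SEED_APK),
    ("market-b", "com.example.flagged", OTHER_BUILD),
    ("market-b", "com.example.other", SEED_APK),
]

def run():
    """Classify every crawled record against the seed index."""
    index = index_seeds(SEEDS)
    return [(market, pkg, classify(pkg, io.BytesIO(data), index))
            for market, pkg, data in CRAWLED]

if __name__ == "__main__":
    for row in run():
        print(row)
```

The third record returns None even though its bytes equal the seed's, because the crawl described above selects candidates by package name before any hash is compared.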

Data Intelligence

ADMIRE has a large database of crawled and classified applications.
Through this web interface, you can explore the data and get aggregated statistics and relevant information about the behaviour of Android marketplaces and developers.
You can explore the ADMIRE seed set and get information about the origin of a seed, its detection date, and the applications matching that seed app.
You can search among the applications in the ADMIRE dataset and get information extracted from the APK as well as the metadata collected from each marketplace where the application was found.
You can search for a developer by name and get statistics about their publishing activity and their applications.
You can also explore a marketplace and get an overview of its behaviour with respect to the apps collected.

References

If you want more information and details, you can read the Andradar paper.