Detecting Malware Applications through a Hybrid Approach: Permission Profiling and User Experience Analysis

Mobile applications have become ubiquitous, but their widespread adoption has increased security concerns, particularly regarding malware infiltration through official app stores. Current detection methods predominantly focus either on static analysis of app permissions or dynamic user-based feedback, limiting the effectiveness of malware detection. This paper proposes a novel hybrid approach integrating Permission Profiling—examining the explicit permissions requested by an app—and User Experience Analysis—leveraging metadata from app stores and user-generated reviews. Using the NATICUSdroid dataset (29,333 applications) for permissions analysis and a curated dataset of app store metadata and reviews, we trained individual models for each approach and combined them through soft voting ensemble techniques. The hybrid model achieved 98.05% accuracy, significantly outperforming individual models (96.98% and 76.00% respectively), with a 70% reduction in false positives. SMS-related permissions emerged as the strongest indicators of malicious intent, while negative sentiment in user reviews provided complementary signals. Our findings demonstrate that integrating technical permission analysis with user experience data creates a more robust malware detection system capable of addressing limitations inherent in each individual approach.