Android has become ubiquitous, taking more than 86% of the market share. This rapid expansion has brought a slew of new threats, including privacy breaches, data theft, and cyberespionage. Today's malware is highly sophisticated and capable of evading even state-of-the-art malware detection tools by using obfuscation and repacking techniques. Therefore, a thorough evaluation is needed to check the strength of existing anti-malware tools. In this survey, we present an in-depth study of Android anti-malware tools built over the last decade. This research classifies anti-malware tools, based on their analysis methodology, into three main categories, namely static, dynamic, and hybrid. Moreover, it also classifies anti-malware tools according to their protection capabilities, performance, and usability. Based on our thorough studies, shortcomings are discussed and research gaps have been identified.

Android is the world's most popular platform based on the Linux kernel. Its user base is increasing drastically, and it has a market share of 86.70%. This number is continuously increasing over time, as visualized in Fig. 1. The figure shows a spontaneous increase in Android-based devices over the last 4 years. Therefore, Android has become one of the most targeted platforms for cyber theft. A vast variety of malware evolves every day to compromise users' sensitive information, contacts, SMS, call logs, images, and other confidential data. Android malware spreads in different ways, such as SMiShing (SMS phishing), email attachments, Wi-Fi hotspots, and Bluetooth. Most of the time, malicious applications on application stores are the major source of malware propagation.


Malware Families and detection

Multiple Android malware detection techniques are available, depending on our requirements. We can broadly classify Android malware detection mechanisms into three major categories: static analysis, dynamic analysis, and hybrid analysis~\cite{a10}. All malware detection techniques work on the same principles. First, an Android Package Kit (APK) is identified and analyzed using a malware detection technique; in the end, a report is generated or a warning prompt is issued. A quick overview of static and dynamic analysis is given in Table.

The purpose of all techniques remains the same, but there is a key difference in how they work and how efficient they are. This difference is determined by their training set and algorithms. The key factors include efficiency, effectiveness, time duration, and detection rate.