The Android Malware Handbook cover

The Android Malware Handbook

Detection and Analysis by Human and Machine
by Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali, and Yanhai Xiong
September 2023, 328 pp.

Download Chapter 6: Machine Learning Features

Look Inside!

Android Malware Handbook back coverAndroid Malware Handbook pages 72-73Android Malware Handbook pages 166-167Android Malware Handbook pages 232-233

This groundbreaking guide to Android malware distills years of research by machine learning experts in academia and members of Meta and Google’s Android Security teams into a comprehensive introduction to detecting common threats facing the Android eco-system today.

Explore the history of Android malware in the wild since the operating system first launched and then practice static and dynamic approaches to analyzing real malware specimens. Next, examine machine learning techniques that can be used to detect malicious apps, the types of classification models that defenders can implement to achieve these detections, and the various malware features that can be used as input to these models. Adapt these machine learning strategies to the identification of malware categories like banking trojans, ransomware, and SMS fraud.


  • Dive deep into the source code of real malware
  • Explore the static, dynamic, and complex features you can extract from malware for analysis
  • Master the machine learning algorithms useful for malware detection
  • Survey the efficacy of machine learning techniques at detecting common Android malware categories

The Android Malware Handbook’s team of expert authors will guide you through the Android threat landscape and prepare you for the next wave of malware to come.

Author Bio 

Qian Han has been working as a research scientist at Meta since 2021. He currently serves as the tech lead for the Mobile App Integrity team, where he is responsible for protecting people and publishers from malicious mobile app behavior. He earned his Ph.D. in computer science from Dartmouth College in 2021, under the guidance of V.S. Subrahmanian, and his bachelor’s in electronic engineering from Tsinghua University, China, in 2016.

Salvador Mandujano is a security engineering manager at Google, where he has led a number of teams in the fields of product security engineering, malware research, and payments security. Prior to joining Google, he held security research and architecture positions at Intel and Nvidia. He holds a Ph.D. in artificial intelligence from Tecnológico de Monterrey, a master’s in computer science from Purdue University, an MBA from The University of Texas at Austin, and a bachelor’s in computer engineering from Universidad Nacional Autónoma de México.

Sebastian Porst is the manager of Google’s Android Application Security Research team, which researches current and future attacks that target Android devices and users. Since joining the Android Security team in 2011, he has been a software engineer, security engineer, and malware analyst. Before that, he worked on binary code analysis, reverse engineering tools, and exploit and vulnerability analysis. He received a master’s in computer science from The Trier University of Applied Sciences, Germany, in 2007.

V.S. Subrahmanian is the Walter P. Murphy Professor of Computer Science and Buffett Faculty Fellow in the Buffett Institute of Global Affairs at Northwestern University. One of the world’s foremost experts on the intersection of AI and security issues, he pioneered the development of machine learning and AIbased techniques to analyze counterterrorism, cybersecurity, text, geospatial, and social network data. He has written eight books, edited ten, and published over 300 refereed articles. His work has been featured in outlets such as The Baltimore Sun, The Economist, The Wall Street Journal, Science, Nature, The Washington Post, and American Public Media.

Sai Deep Tetali is a principal engineer and tech lead manager at Meta, where he works on privacy solutions for augmented and virtual reality applications. Prior to joining Meta, he spent five years at Google developing machine-learning techniques for detecting Android malware. He received his Ph.D. from University of California, Los Angeles.

Yanhai Xiong is an assistant professor in the Department of Computer Science and Engineering at the University of Louisville. Previously, she worked as a postdoctoral researcher in the Department of Computer Science at Dartmouth College. She obtained a Ph.D. from The Interdisciplinary Graduate School, Nanyang Technological University, in 2018, where she applied AI techniques to improving the efficiency of electric vehicle infrastructure. She received a bachelor’s in engineering from The University of Science and Technology of China in 2013.

Table of contents 

Part 1: A Primer on Android Malware
Chapter 1: Introduction to Android Security
Chapter 2: Android Malware in the Wild
Part 2: Manual Analysis
Chapter 3: Static Analysis
Chapter 4: Dynamic Analysis
Part 3: Machine Learning Detection
Chapter 5: Machine Learning Fundamentals
Chapter 6: Machine Learning Features
Chapter 7: Rooting Malware
Chapter 8: Spyware
Chapter 9: Banking Trojans
Chapter 10: Ransomware
Chapter 11: SMS Fraud
Chapter 12: The Future of Android Malware

View the Copyright page
View the detailed Table of Contents
View the Index


"A comprehensive introduction to Android malware and its analysis."
—Maik Morgenstern, CTO at AV-TEST

"An indispensable resource for both security professionals and enthusiasts, offering unparalleled insights into the intricacies of Android malware and empowering readers to effectively guard against this pervasive threat."
—Dimitrios Valsamaras, Senior Security Researcher at Microsoft (formerly worked on Android at Google)

"Comprehensive and exceptionally user friendly, The Android Malware Handbook should be considered essential reading for anyone with an interest in computer viruses, computer software testing, and computer hacking."
—Midwest Book Review

Extra Stuff 

View the Android Malware Handbook GitHub repository.