With the exponential use of mobile phones to handle sensitive information, the intrusion systems development was also increased. Being Android one of the most popular operative systems (OS), it became an intrusions methods development target.

To better understand the potentials of the Android framework, research was done on security assessments of the framework and its security mechanisms, analyzing how each application runs its processes and uses its permissions.

This thesis aims to propose an improved threat management system for mobile devices, on the Android framework, using event correlation and anomaly detection patterns, namely alerts generated from malicious activities detection, to generate a proper anti-malware response. For this work, a study is made on models threats/attacks’ description, as well as, in the current existing applications for anti-mobile threats, testing their limitations, analyzing their strengths and weakness. This are the foundations to develop new solutions or improvements to existing ones.

As part of the proposed solution an Android application is designed for detecting and quantifying the level of risk at which a mobile system is exposed at each time, doing threat characterization and using the information collected during the analysis of other applications. For the proposed algorithm development is used the data logged from the other applications running on the mobile device, such as the permissions they request, the analysis of the network traffic, others IPs connected to the same network and the open access protocols on the mobile device, and the user usage of the device. The latter is one of the biggest vulnerabilities since most of the malware is installed using social engineering.