"What sets our approach apart is that we are focusing solely on C code, which is what most - if not all -Android root exploits are written in," said Enck.

"Taking this approach has significantly driven down the number of false positives," said Dr Helen Gu, co-author of the paper.

"This reduces disturbances for users and makes anomaly detection more practical," said Gu.

Researchers are hoping to work with app vendors, such as Google Play, to establish a database of normal app behavior.

Most app vendors screen their products for malware, but malware programmers have developed techniques for avoiding detection - hiding the malware until users have downloaded the app and run it on their Smartphones.

The research team wants to take advantage of established vendor screening efforts to create a database of each app's normal behavior. This could be done by having vendors incorporate PREC software into their app assessment processes.

The software would take the app behavior data and create an external database, but would not otherwise affect the screening process, researchers said.

Read More:

New Methods For Password Protection Proposed  

5 Smart Tools to Predict Climate