The fast development of mobile apps and its usage has led to increase the risk of exploiting user privacy. One method used in Android security mechanism is permission control that restricts the access of apps to core facilities of devices. However, that permissions could be exploited by attackers when granting certain combinations of permissions. So, the aim of this paper is to explore the pattern of malware apps based on analyzing permissions by proposing framework utilizing feature selection based on ensemble extra tree classifier method and machine learning classifier. The used dataset had 25458 samples (8643 malware apps & 16815 benign apps) with 173 features. Three dataset with 25458 samples and 5, 10 and 20 features respectively were generated after using the proposed feature selection method. All the dataset was fed to machine learning. Support Vector machine (SVM), K Neighbors Classifier, Decision Tree, Naïve bayes and Multilayer Perceptron (MLP) classifiers were used. The classifiers models were evaluated using true negative rate (TNR), false positive rate (FNR) and accuracy metrics. The experimental results obtained showed that Support Vector machine and KNeighbors Classifiers with 20 features achieved the highest accuracy with 94 % and TNR with rate of 89 % using KNeighbors Classifier. The FNR rate is dropped to 0.001 using 5 features with support vector machine (SVM) and Multilayer Perceptrons (MLP) classifiers. The result indicated that reducing permission features improved the performance of classification and reduced the computational overhead.

Permission-based analysis; Feature selection; Machine Learning; Malware Android classification