SAPIMMDS: Function-Oriented Mobile Malware Analysis Dataset Based on Suspicious API Call Patterns

This dataset accompanies the research presented in \u201cFunction-Oriented Mobile Malware Analysis as First Aid\u201d and provides behavior-oriented metadata for 906 Android malware samples collected from real-world smishing and spyware incidents in South Korea.The dataset was produced using a hybrid analysis approach in which each application was executed inside an Android emulator, its volatile memory region was dumped, and the odex bytecode was extracted for analysis. By comparing extracted API usage with a predefined list of suspicious APIs, the system identifies function-level malicious behavior, such as hiding SMS notifications, hijacking SMS content, exfiltrating contacts or location data, manipulating bookmarks, and stealing financial certificates (NPki).Unlike traditional family-oriented or signature-centric malware datasets, this resource focuses on function-oriented malware analysis, enabling researchers to examine how malicious actions manifest through API call patterns. The dataset is suitable for studies in behavioral malware detection, API-pattern mining, smishing threat analysis, and Android security research.