"What sets our approach apart is that we are focusing solely on C code, which is what most - if not all - Android root exploits are written in," said Enck.
"Taking this approach has significantly driven down the number of false positives," said Dr Helen Gu, co-author of the paper.
"This reduces disturbances for users and makes anomaly detection more practical," said Gu.
Researchers are hoping to work with app vendors, such as Google Play, to establish a database of normal app behaviour.
Most app vendors screen their products for malware, but malware programmers have developed techniques for avoiding detection - hiding the malware until users have downloaded the app and run it on their smartphones.
The research team wants to take advantage of established vendor screening efforts to create a database of each app's normal behaviour. This could be done by having vendors incorporate PREC software into their app assessment processes.
The software would take the app behaviour data and create an external database, but would not otherwise affect the screening process, researchers said.
Latest Business News