survey

The Evolution of Android Malware and Android Analysis Techniques

Authors:

Nor Badrul Anuar,

Rosli Salleh, and

Lorenzo CavallaroAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 49, Issue 4

Article No.: 76, Pages 1 - 41

https://doi.org/10.1145/3017427

Published: 13 January 2017 Publication History

Abstract

With the integration of mobile devices into daily life, smartphones are privy to increasing amounts of sensitive information. Sophisticated mobile malware, particularly Android malware, acquire or utilize such data without user consent. It is therefore essential to devise effective techniques to analyze and detect these threats. This article presents a comprehensive survey on leading Android malware analysis and detection techniques, and their effectiveness against evolving malware. This article categorizes systems by methodology and date to evaluate progression and weaknesses. This article also discusses evaluations of industry solutions, malware statistics, and malware evasion techniques and concludes by supporting future research paths.

References

[1]

Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo de Geus, Christopher Kruegel, and Giovanni Vigna. 2016. Going native: Using a large-scale analysis of Android apps to create a practical native-code sandboxing policy. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[2]

Hussain M. J. Almohri, Danfeng (Daphne) Yao, and Dennis Kafura. 2014. DroidBarrier: Know what is executing on your Android. In ACM Conference on Data and Application Security and Privacy (CODASPY).

Digital Library

[3]

A. Amamra, C. Talhi, and J. Robert. 2012. Smartphone malware detection: From a survey towards taxonomy. In Malicious and Unwanted Software (MALWARE).

Digital Library

[4]

B. Amos, H. Turner, and J. White. 2013. Applying machine learning classifiers to dynamic Android malware detection at scale. In Wireless Communications and Mobile Computing Conference (IWCMC).

[5]

Saswat Anand, Mayur Naik, Mary Jean Harrold, and Hongseok Yang. 2012. Automated concolic testing of smartphone apps. In Foundations of Software Engineering (FSE).

Digital Library

[6]

Jeremy Andrus, Christoffer Dall, Alexander Van’t Hof, Oren Laadan, and Jason Nieh. 2011. Cells: A virtual mobile smartphone architecture. In ACM Symposium on Operating Systems Principles (SOSP).

Digital Library

[7]

Apple. 2015. iOS developer library. Retrieved from https://developer.apple.com/library/ios/navigation/.

[8]

Daniel Arp, Michael Spreitzenbarth, Malte Hübner, Hugo Gascon, and Konrad Rieck. 2014. DREBIN: Effective and explainable detection of Android malware in your pocket. In Network and Distributed System Security Symposium.

[9]

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In ACM Programming Language Design and Implementation.

Digital Library

[10]

Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, Phillipa Gill, and David Lie. 2011. Short paper: A look at smartphone permission models. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

[11]

Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: Analyzing the Android permission specification. In ACM Computer and Communications Security (CCS).

Digital Library

[12]

Schmidt Aubrey-Derrick and A. Sahin. 2008. Malicious Software for Smartphones. Technical Report. Universität Berlin.

[13]

Tanzirul Azim and Iulian Neamtiu. 2013. Targeted and depth-first exploration for systematic testing of Android apps. In ACM Object Oriented Programming Systems Languages (OOPSLA).

Digital Library

[14]

Michael Backes, Sven Bugiel, Sebastian Gerling, and Philipp von Styp-Rekowsky. 2014. Android security framework: Extensible multi-layered access control on Android. In Annual Computer Security Applications Conference.

Digital Library

[15]

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, and Philipp von Styp-Rekowsky. 2013. AppGuard—fine-grained policy enforcement for untrusted Android applications. In Data Privacy Management (DPM).

[16]

Ulrich Bayer, Imam Habibi, Davide Balzarotti, Engin Kirda, and Christopher Kruegel. 2009. A view on current malware behaviors. In USENIX Large-scale Exploits and Emergent Threats (LEET).

[17]

M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, and C. Wolf. 2011. Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In IEEE Security and Privacy (S8P).

Digital Library

[18]

Michael Becher and Felix C. Freiling. 2008. Towards dynamic malware analysis to increase mobile device security. In Sicherheit.

[19]

Michael Becher and Ralf Hund. 2008. Kernel-level interception and applications on mobile devices. Technical Report. Department for Mathematics and Computer Science, University of Mannheim; TR-2008-003. http://ub-madoc.bib.uni-mannheim.de/1933/.

[20]

Alastair R. Beresford, Andrew Rice, Nicholas Skehin, and Ripduman Sohan. 2011. MockDroid: Trading privacy for application functionality on smartphones. In Mobile Computing Systems and Applications (HotMobile).

[21]

BlackBerry. 2013. Architecture and data flow overview. Retrieved from https://help.blackberry.com/en/bes10/10.2/.

[22]

T. Bläsing, L. Batyuk, A.-D. Schmidt, S. A. Camtepe, and S. Albayrak. 2010. An Android application sandbox system for suspicious software detection. In Malicious and Unwanted Software (MALWARE).

[23]

Abhijit Bose, Xin Hu, Kang G. Shin, and Taejoon Park. 2008. Behavioral detection of malware on mobile handsets. In ACM Mobile Systems, Applications, and Services (MobiSys).

Digital Library

[24]

Rodrigo Branco, Gabriel Barbosa, and Pedro Neto. 2012. Scientific but not academical overview of malware anti-debuggin, anti-disassembly and anti-VM technologies. Blackhat USA.

[25]

T. K. Buennemeyer, T. M. Nelson, L. M. Clagett, J. P. Dunning, R. C. Marchany, and J. G. Tront. 2008. Mobile device profiling and intrusion detection using smart Batteries. In Hawaii International Conference on System Sciences (HICSS).

Digital Library

[26]

Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, and Bhargava Shastry. 2011. Practical and lightweight domain isolation on Android. In Security 8 Privacy in Smartphones 8 Mobile Devices (SPSM).

Digital Library

[27]

Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. 2011. Crowdroid: Behavior-based malware detection system for android. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[28]

Saurabh Chakradeo, Bradley Reaves, Patrick Traynor, and William Enck. 2013. MAST: Triage for market-scale mobile malware analysis. In ACM Security and Privacy in Wireless and Mobile Networks (WiSec).

Digital Library

[29]

Kevin Zhijie Chen, Noah Johnson, Vijay D’Silva, Shuaifu Dai, Kyle MacNamara, Tom Magrino, Edward XueJun Wu, Martin Rinard, and Dawn Song. 2013. Contextual policy enforcement in Android applications with permission event graphs. In Network and Distributed System Security Symposium (NDSS).

[30]

Jerry Cheng, Starsky H. Y. Wong, Hao Yang, and Songwu Lu. 2007. SmartSiren: Virus detection and alert for smartphones. In ACM Mobile Systems, Applications, and Services (MobiSys).

[31]

Christian Collberg, Clark Thomborson, and Douglas Low. 1997. A taxonomy of obfuscating transformations. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.38.9852.

[32]

Contagio. 2014. Contagio. Retrieved from http://contagiodump.blogspot.com/.

[33]

Jonathan Crussell, Clint Gibler, and Hao Chen. 2012. Attack of the clones: Detecting cloned applications on aAndroid markets. In European Symposium on Research in Computer Security (ESORICS).

[34]

B. Davis, B. Sanders, A. Khodaverdian, and H. Chen. 2012. I-ARM-Droid: A rewriting framework for in-app reference monitors for Android applications. In IEEE Mobile Security Technologies (MoST).

[35]

Anthony Desnosi and Geoffroy Gueguen. 2012. Android: From reversing to decompilation. In Black Hat Abu Dhabi.

[36]

Michael Dietz, Shashi Shekhar, Dan S. Wallach, and Anhei Shu Yuliy Pisetsky. 2011. QUIRE: Lightweight provenance for smart phone operating systems. In USENIX Security (SEC).

[37]

Daniel Eran Dilger. 2014. New Android RAT infects Google play apps. Retrieved from http://appleinsider.com/articles/14/03/07/new-android-rat-infe cts-google-play-apps-turning-phones-into-spyware-zombies.

[38]

Gianluca Dini, Fabio Martinelli, Andrea Saracino, and Daniele Sgandurra. 2012. MADAM: A multi-level anomaly detector for Android malware. In Mathematical Methods, Models, and Architectures for Computer Network Security.

Digital Library

[39]

Toralv Dirro. 2011. Straight from the anti-malware labs. Retrieved from http://www.mcafee.com/uk/resources/reports/rp-mobile-security-consumer-trends.pdf.

[40]

Alessandro Distefano, Antonio Grillo, Alessandro Lentini, and Giuseppe F. Italiano. 2010. SecureMyDroid: Enforcing security in the mobile devices lifecycle. In ACM Cyber Security and Information Intelligence Research (CSIIRW).

Digital Library

[41]

Joshua Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, and Georg Wicherski. 2014. Android Hacker’s Handbook (1st ed.). Wiley Publishing.

[42]

Ken Dunham. 2009. Mobile Malware Attacks 8 Defense. Syngress.

[43]

William Enck. 2011. Defending users against smartphone apps: Techniques and future directions. In Information Systems Security Association (ISSA).

[44]

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In USENIX Operating Systems Design and Implementation (OSDI).

Digital Library

[45]

William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. 2011. A study of Android application security. In USENIX Security (SEC).

[46]

F-Secure. 2013. Android accounted for 79% of all mobile malware in 2012, 96% in q4 alone. Retrieved from http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q4_2012.pdf.

[47]

P. Faruki, A. Bharmal, V. Laxmi, V. Ganmoor, M. S. Gaur, M. Conti, and M. Rajarajan. 2015. Android security: A survey of issues, malware penetration, and defenses. In IEEE Communications Surveys Tutorials.

Digital Library

[48]

Rafael Fedler, Marcel Kulicke, and Julian Schütte. 2013. Native code execution control for attack mitigation on Android. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[49]

Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. 2011. Android permissions demystified. In ACM Computer and Communications Security (CCS).

Digital Library

[50]

Adrienne Porter Felt, Serge Egelman, and David Wagner. 2012. I’ve got 99 problems, but vibration ain’t one: A survey of smartphone users’ concerns. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[51]

Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner. 2011. A survey of mobile malware in the wild. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[52]

Yu Feng, Saswat Anand, Isil Dillig, and Alex Aiken. 2014. Apposcopy: Semantics-based detection of Android malware. In ACM Foundations of Software Engineering (FSE).

[53]

Torsten Frenzel, Adam Lackorzynski, Alexander Warg, and Hermann Hrtig. 2010. ARM TrustZone as a virtualization technique in embedded systems. In OSADL Real-Time Linux Workshop (RTLWS).

[54]

Tal Garfinkel and R. Mendel. 2003. A virtual machine introspection based architecture for intrusion detection. In Proc. Network and Distributed Systems Security Symposium. 191--206.

[55]

Gartner. 2015. Devices by operating system and user type. Retrieved from http://www.gartner.com/newsroom/id/3010017.

[56]

Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, and Stefano Zanero. 2014. PuppetDroid: A user-centric UI exerciser for automatic dynamic analysis of similar Android applications. ACM CoRR. abs/1402.4826. http://arxiv.org/abs/1402.4826.

[57]

Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. 2012. AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale. In Trust and Trustworthy Computing (TRUST).

[58]

Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein. 2013. RERAN: Timing- and touch-sensitive record and replay for android. In ACM International Conference on Software Engineering.

[59]

Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen, and Martin Rinard. 2015. Information-flow analysis of Android applications in DroidSafe. In Network and Distributed System Security Symposium.

[60]

Alexander Gostev and Denis Maslennikov. 2009. Mobile malware evolution: An overview. Retrieved from http://www.viruslist.com/en/analysis?pubid=204792080.

[61]

Michael Grace, Yajin Zhou, Qiang Zhang, Shihong Zou, and Xuxian Jiang. 2012. RiskRanker: Scalable and accurate zero-day android malware detection. In ACM Mobile Systems, Applications, and Services (MobiSys).

[62]

Steve Hanna, Ling Huang, Edward Wu, Saung Li, Charles Chen, and Dawn Song. 2013. Juxtapp: A scalable system for detecting code reuse among android applications. In Detection of Intrusions and Malware and Vulnerability.

Digital Library

[63]

Gernot Heiser. 2008. The role of virtualization in embedded systems. In Isolation and Integration in Embedded Systems.

Digital Library

[64]

Dharmdasani Hitesh. 2014. Android.HeHe: Malware disconnects phone calls. Retrieved from http://www.fireeye.com/blog/technical/2014/01/Android-shehe-malware-now-disconnects-phone-calls.html.

[65]

Johannes Hoffmann, Martin Ussath, Thorsten Holz, and Michael Spreitzenbarth. 2013. Slicing droids: Program slicing for smali code. In ACM Symposium on Applied Computing (SAC).

Digital Library

[66]

Jianjun Huang, Xiangyu Zhang, Lin Tan, Peng Wang, and Bin Liang. 2014. AsDroid: Detecting stealthy behaviors in Android applications by user interface and program behavior contradiction. In ACM International Conference on Software Engineering (ICSE).

Digital Library

[67]

Wei Huang, Yao Dong, Ana Milanova, and Julian Dolby. 2015. Scalable and precise taint analysis for Android. In Proceedings of the 2015 International Symposium on Software Testing and Analysis.

Digital Library

[68]

Joo-Young Hwang, Sang bum Suh, Sung-Kwan Heo, Chan-Ju Park, Jae-Min Ryu, Seong-Yeol Park, and Chul-Ryun Kim. 2008. Xen on ARM: System virtualization using Xen hypervisor for ARM-based secure mobile phones. In IEEE Consumer Communications and Networking Conference (CCNC).

[69]

Ham Hyo-Sik and Choi Mi-Jung. 2013. Analysis of Android malware detection performance using machine learning classifiers. In Cybercrime and Trustworthy Computing (CTC).

[70]

InformationWeek. 2014. Cybercrime black markets grow up. Retrieved from http://www.informationweek.com/cybercrime-black-markets-grow-up/d/d-id/1127911.

[71]

Grant A. Jacoby. 2004. Battery-based intrusion detection. In IEEE Global Communications (GLOBECOM).

[72]

Richard Jensen and Qiang Shen. 2008. Computational Intelligence and Feature Selection: Rough and Fuzzy Approaches. Wiley-IEEE Press.

[73]

Xuxian Jiang. 2012. An evaluation of the application (“app”) verification service in Android 4.2. Retrieved from http://www.cs.ncsu.edu/faculty/jiang/appverify/.

[74]

Ruofan Jin and Bing Wang. 2013. Malware detection for mobile devices using software-defined networking. In GENI Research and Educational Experiment Workshop (GREE).

Digital Library

[75]

Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu. 2014. RiskMon: Continuous and automated risk assessment of mobile applications. In ACM Data and Application Security and Privacy (CODASPY).

[76]

Juniper. 2013. Networks 3^rd annual mobile threats report March 2012 through March 2013. Retrieved from http://www.juniper.net/us/en/local/pdf/additional-resources/jnpr-2012-mobile-threats-report.pdf.

[77]

Min Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. 2011. Network and distributed system security symposium, (NDSS). The Internet Society.

[78]

Mikhail Kazdagli, Ling Huang, Vijay Reddi, and Mohit Tiwari. 2014. Morpheus: Benchmarking computational diversity in mobile malware. In Hardware 8 Architectural Support for Security 8 Privacy (HASP).

[79]

Hahnsang Kim, Joshua Smith, and Kang G. Shin. 2008. Detecting energy-greedy anomalies and mobile malware variants. ACM Mobile Systems, Applications, and Services (MobiSys). (2008).

[80]

Jinyung Kim, Yongho Yoon, Kwangkeun Yi, and Junbum Shin. 2012. ScanDal: Static analyzer for detecting privacy leaks in Android applications. In IEEE Mobile Security Technologies (MoST).

[81]

Mudge Kingpin. 2001. Security analysis of the palm operating system and its weaknesses against malicious code threats. In USENIX Security.

[82]

Tero Kuittenin. 2013. Google play app revenue rockets to more than half of iOS. Retrieved from http://bgr.com/2013/09/20/google-play-app-revenue-ios-august/.

[83]

Anil Kurmus and Robby Zippel. 2014. A tale of two kernels: Towards ending kernel hardening wars with split kernel. In ACM Computer and Communications Security (CCS).

Digital Library

[84]

M. La Polla, F. Martinelli, and D. Sgandurra. 2013. A survey on security for mobile devices. IEEE Communications Surveys Tutorials (COMST).

[85]

E. Lagerspetz, Hien Thi Thu Truong, S. Tarkoma, and N. Asokan. 2014. MDoctor: A mobile malware prognosis application. In IEEE Conference on Distributed Computing Systems Workshops (ICDCS).

Digital Library

[86]

Charles Lever, Manos Antonakakis, Reaves, Patrick Traynor, and Wenke Lee. 2013. The core of the matter: Analyzing malicious traffic in cellular carriers. In Network and Distributed System Security Symposium (NDSS).

[87]

Juanru Li, Wenbo Yang, Junliang Shu, Yuanyuan Zhang, and Dawu Gu. 2014. InDroid: An automated online analysis framework for Android applications. In Crisis Intervention Team (CIT).

[88]

Li Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel. 2015. IccTA: Detecting inter-component privacy leaks in android apps. In ACM International Conference on Software Engineering (ICSE).

[89]

Tung Liam. 2014. Modded firmware may harbour worlds first Android bootkit. Retrieved from http://www.zdnet.com/modded-firmware-may-harbour-worlds-first-android-bootkit-7000025665/.

[90]

Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, and Christian Platzer. 2014. ANDRUBIS-1,000,000 apps later: A view on current Android malware behaviors. In Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS).

[91]

Lookout. 2010. Security alert: Geinimi, sophisticated new Android trojan found in wild. Retrieved from https://blog.lookout.com/blog/2010/12/29/geinimi_trojan/.

[92]

Aravind Machiry, Rohan Tahiliani, and Mayur Naik. 2013. Dynodroid: An input generation system for Android apps. In ACM Foundations of Software Engineering (FSE).

[93]

Federico Maggi, Andrea Valdi, and Stefano Zanero. 2013. AndroTotal: A flexible, scalable toolbox and service for testing mobile malware detectors. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[94]

Riyadh Mahmood, Nariman Mirzaei, and Sam Malek. 2014. EvoDroid: Segmented evolutionary testing of android apps. In Foundations of Software Engineering (FSE).

[95]

Dominik Maier, Tilo Mller, and Mykola Protsenko. 2014. Divide-and-conquer: Why Android malware cannot be stopped. In Availability, Reliability and Security (ARES).

[96]

Davide Maiorca, Davide Ariu, Igino Corona, Marco Aresu, and Giorgio Giacinto. 2015. Stealth attacks: An extended insight into the obfuscation effects on Android malware. In Computers 8 Security (JCS).

[97]

Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, and Srdjan Capkun. 2012. Analysis of the communication between colluding applications on modern smartphones. In Annual Computer Security Applications Conference (ACSAC).

Digital Library

[98]

McAfee. 2013. Threats report. Retrieved from http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q1-2013.pdf.

[99]

McAfee. 2014. Mobile security report. Retrieved from http://www.mcafee.com/uk/resources/reports/rp-mobile-security-consumer-trends.pdf.

[100]

McAfee. 2015. Labs threats report. Retrieved from http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q1-2015.pdf.

[101]

Joseph Menn. 2011. Smartphone shipments surpass PCs. Retrieved from http://www.ft.com/cms/s/2/d96e3bd8-33ca-11e0-b1ed-00144feabdc0.html.

[102]

M. Miettinen, P. Halonen, and K. Hatonen. 2006. Host-based intrusion detection for advanced mobile devices. In Advanced Information Networking and Applications (AINA).

Digital Library

[103]

Yves Moreau, Peter Burge John Shawe-taylor, Christof Stoermann, Siemens Ag, and Chris Cooke Vodafone. 1996. Novel techniques for fraud detection in mobile telecommunication networks. In Association for the Advancement of Artificial Intelligence (AAAI).

[104]

A. Moser, C. Kruegel, and E. Kirda. 2007. Limits of static analysis for malware detection. In Annual Computer Security Applications Conference (ACSAC).

[105]

Collin Mulliner, William Robertson, and Engin Kirda. 2014. VirtualSwindle: An automated attack against in-app billing on Android. In ACM Symposium on Information, Computer and Communications Security (AsiaCCS).

Digital Library

[106]

D. C. Nash, T. L. Martin, D. S. Ha, and M. S. Hsiao. 2005. Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices. In IEEE Pervasive Computing and Communications (PerCom).

Digital Library

[107]

Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. 2013. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In USENIX Security (SEC).

[108]

M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. 2009. Semantically rich application-centric security in Android. In Annual Computer Security Applications Conference (ACSAC).

Digital Library

[109]

Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. 2013. WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security (SEC).

[110]

Bogdan Petrovan. 2015. Google is now manually reviewing apps. Retrieved from http://www.androidauthority.com/google-now-manually-reviewing-apps-submitted-to-play-store-594879/.

[111]

Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage against the virtual machine: Hindering dynamic analysis of Android malware. In European System Security Workshop.

Digital Library

[112]

Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2014. Execute this! Analyzing unsafe and malicious dynamic code loading in Android applications. In Network and Distributed System Security Symposium (NDSS).

[113]

M. La Polla, F. Martinelli, and D. Sgandurra. 2013. A survey on security for mobile devices. IEEE Communications Surveys Tutorials 15, 1 (2013), 446--471.

[114]

Siegfried Rasthofer, Steven Arzt, and Eric Bodden. 2014. A machine learning approach for classifying and categorizing Android sources and sinks. In Network and Distributed System Security Symposium (NDSS).

[115]

Siegfried Rasthofer, Steven Arzt, Marc Miltenberger, and Eric Bodden. 2016. Harvesting runtime values in Android applications that feature anti-analysis techniques. In 23nd Annual Network and Distributed System Security Symposium (NDSS). San Diego, California, USA. http://www.internetsociety.org/sites/default/files/blogs-media/harvesting-runtime-values-android-applications-feature-anti-analysis-techniques.pdf.

[116]

Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. 2013. DroidChameleon: Evaluating Android anti-malware against transformation attacks. In ACM Special Interest Group on Security, Audit and Control (SIGSAC).

[117]

Lenin Ravindranath, Jitendra Padhye, Sharad Agarwal, Ratul Mahajan, Ian Obermiller, and Shahin Shayandeh. 2012. AppInsight: Mobile app performance monitoring in the wild. In Operating Systems Design and Implementation (OSDI).

[118]

The Register. 2013. Earn 8,000 a month with bogus apps from Russian malware factories. Retrieved from http://www.theregister.co.uk/2013/08/05/mobile_malware_lookout/.

[119]

Sanae Rosen, Zhiyun Qian, and Z. Morely Mao. 2013. AppProfiler: A flexible method of exposing privacy-related behavior in Android applications to end users. In ACM Conference on Data 8 Application Security 8 Privacy (CODASPY).

Digital Library

[120]

Ethan Rudd, Andras Rozsa, Manuel Gunther, and Terrance Boult. 2016. A survey of stealth malware: Attacks, mitigation measures, and steps toward autonomous open world solutions. CoRR. abs/1603.06028. http://arxiv.org/abs/1603.06028.

[121]

Didier Samfat and Refik Molva. 1997. Idamn: An intrusion detection architecture for mobile networks. IEEE Journal on Selected Areas in Communications (J-SAC) 15, 7 (Sept. 1997), 1373--1380.

Digital Library

[122]

Andreas Terzis Sandeep Sarat. 2007. On the detection and origin identification of mobile worms. In ACM Workshop on Rapid Malcode (WORM).

[123]

Chit La Pyae Myo Hein and Khin Mar Myo. 2016. Characterization of malware detection on Android application. Genetic and Evolutionary Computing: Proceedings of the Ninth International Conference on Genetic and Evolutionary Computing, Thi Thi Zin, Jerry Chun-Wei Lin, Jeng-Shyang Pan, Pyke Tin, and Mitsuhiro Yokota (Eds.). Vol. 1. Springer International Publishing, Yangon, Myanmar, 113--124.

[124]

Bhaskar Pratim Sarma, Ninghui Li, Chris Gates, Rahul Potharaju, Cristina Nita-Rotaru, and Ian Molloy. 2012. Android permissions: A perspective combining risks and benefits. In Symposium on Access Control Models 8 Technologies.

Digital Library

[125]

A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. A. Yuksel, S. A. Camtepe, and S. Albayrak. 2009a. Static analysis of executables for collaborative malware detection on Android. IEEE International Conference on Communications (ICC).

[126]

A.-D. Schmidt, J. H. Clausen, A. Camtepe, and S. Albayrak. 2009b. Detecting symbian OS malware through static function call analysis. In Malicious and Unwanted Software (MALWARE).

[127]

Securelist. 2013. Mobile malware evolution: 2013. Retrieved from https://www.securelist.com/ en/analysis/204792326/Mobile-Malware-Evolution-2013.

[128]

Asaf Shabtai and Yuval Elovici. 2010. Applying behavioral detection on Android-based devices. In Mobilware.

[129]

Asaf Shabtai, Uri Kanonov, Yuval Elovici, Chanan Glezer, and Yael Weiss. 2012. “Andromaly”: A behavioral malware detection framework for Android devices. Journal of Intelligent Information Systems (JIIS) 38, 1 (2012), 161--190.

Digital Library

[130]

SlideME. 2013. SlideME Android apps market: Download free 8 paid Android application. Retrieved from http://slideme.org/.

[131]

Alexey Smirnov, Mikhail Zhidko, Yingshiuan Pan, Po-Jui Tsao, Kuang-Chih Liu, and Tzi-Cker Chiueh. 2013. Evaluation of a server-grade software-only ARM hypervisor. In IEEE Conference on Cloud Computing (CLOUD).

Digital Library

[132]

Sophos. 2012. Angry birds malware—Firm fined 50,000 for profiting from fake Android apps. Retrieved from http://nakedsecurity.sophos.com/2012/05/24/angry-birds-malware-fine/.

[133]

Sophos. 2014. Feejar-B. Retrieved from http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Andr Feejar-B.aspx.

[134]

Michael Spreitzenbarth, Felix Freiling, Florian Echtler, Thomas Schreck, and Johannes Hoffmann. 2013. Mobile-sandbox: Having a deeper look into android applications. In ACM Symposium on Applied Computing (SAC).

Digital Library

[135]

Tim Strazzere. 2014. The new NotCompatible. Retrieved from https://blog.lookout.com/blog/2014/11/19/notcompatible/.

[136]

G. Suarez, J. E. Tapiador, P. Peris-Lopez, and A. Ribagorda. 2014. Evolution, detection and analysis of malware for smart devices. IEEE Communications Surveys Tutorials (COMST).

[137]

Sufatrio, Darell J. J. Tan, Tong-Wei Chua, and Vrizlynn L. L. Thing. 2015. Securing Android: A survey, taxonomy, and challenges. ACM Computing Survey.

[138]

Symantec. 2013. Mobile adware and malware analysis. Retrieved from http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/madware_and_malware_analysis.pdf.

[139]

Symantec. 2014. The future of mobile malware. Retrieved from http://www.symantec.com/connect/blogs/future-mobile-malware.

[140]

Kimberly Tam, Nigel Edwards, and Lorenzo Cavallaro. 2015a. Detecting Android malware using memory image forensics. In Engineering Secure Software and Systems (ESSoS) Doctoral Symposium.

[141]

Kimberly Tam, Salahuddin Khan, Aristide Fattori, and Lorenzo Cavallaro. 2015b. A system call-centric analysis and stimulation technique to automatically reconstruct android malware behaviors. Network and Distributed System Security Symposium (NDSS).

[142]

Techcrunch. 2013. Android accounted for 79 alone, says f-secure. Retrieved from http://techcrunch.com/2013/03/07/f-secure-android-accounted-for-79-of-all-mobile-malware-in-2012-96-in-q4-alone/.

[143]

Peter Teufl, Michaela Ferk, Andreas Fitzek, Daniel Hein, Stefan Kraxberger, and Clemens Orthacker. 2014. Malware detection by applying knowledge discovery processes to application metadata on the Android market (Google play). Journal Security and Communication Networks (SCN).

[144]

Hien Thi Thu Truong, Eemil Lagerspetz, Petteri Nurmi, Adam J. Oliner, Sasu Tarkoma, N. Asokan, and Sourav Bhattacharya. 2013. The company you keep: Mobile malware infection rates and inexpensive risk indicators. ACM Computing Research Repository (CoRR).

[145]

Roman Unuchek. 2013. The most sophisticated Android trojan. Retrieved from http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan.

[146]

Ashlee Vance. 2013. Behind the “Internet of Things” is Android. Retrieved from http://www.bloomberg.com/bw/articles/2013-05-29/behind-the-internet-of-things-is-android-and-its-everywhere.

[147]

Prashant Varanasi and Gernot Heiser. 2011. Hardware-supported virtualization on ARM. In APSys.

Digital Library

[148]

Timothy Vidas and Nicolas Christin. 2013. Sweetening android lemon markets: Measuring and combating malware in application marketplaces. In ACM Conference on Data and Application Security and Privacy (CODASPY).

Digital Library

[149]

Timothy Vidas and Nicolas Christin. 2014. PREC: Practical root exploit containment for Android devices. In ACM Conference on Data and Application Security and Privacy (CODASPY).

[150]

Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague. 2014. A5: Automated analysis of adversarial Android applications. In ACM Security and Privacy in Smartphones and Mobile Devices (SPSM).

Digital Library

[151]

Timothy Vidas, Daniel Votipka, and Nicolas Christin. 2011. All your droid are belong to us: A survey of current android attacks. In USENIX Conference on Offensive Technologies (WOOT).

[152]

Marko Vitas. 2013. ART vs Dalvik. Retrieved from http://www.infinum.co/the-capsized-eight/articles/art-vs-dalvik-introducing-the-new-android-runtime-in-kit-kat. (2013).

[153]

Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. 2014. AmAndroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Computer 8 Communications Security (CCS).

[154]

Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, and Michalis Faloutsos. 2012a. Permission evolution in the android ecosystem. In Annual Computer Security Applications Conference (ACSAC).

Digital Library

[155]

Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, and Michalis Faloutsos. 2012b. ProfileDroid: Multi-layer profiling of android applications. In ACM Mobile Computing and Networking (MobiCom).

[156]

Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen, and Christian Platzer. 2012. Andrubis: A tool for analyzing unknown android applications. Retrieved from http://blog.iseclab.org/2012/06/04/andrubis-a-tool-for-analyzing-unknown-android-applications-2/.

[157]

Johannes Winter, Paul Wiegele, Martin Pirker, and Ronald Tögl. 2012. A flexible software development and emulation framework for ARM TrustZone. In International Conference on Trustworthy Systems (INTRUST).

Digital Library

[158]

Michelle Wong and David Lie. 2016. Going native: Using a large-scale analysis of Android apps to create a practical native-code sandboxing policy. In Network and Distributed System Security Symposium (NDSS).

[159]

Dong-Jie Wu, Ching-Hao Mao, Te-En Wei, Hahn-Ming Lee, and Kuo-Ping Wu. 2012. DroidMat: Android malware detection through manifest and API calls tracing. In Asia Joint Conference on Information Security (Asia JCIS).

Digital Library

[160]

Cui Xiang, Fang Binxing, Yin Lihua, Liu Xiaoyi, and Zang Tianning. 2014. AirBag: Boosting smartphone resistance to malware infection. In Network and Distributed System Security Symposium (NDSS).

[161]

Meng Xu, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim. 2016. Toward engineering a secure android ecosystem: A survey of existing techniques. ACM Comput. Surv. 49, 2 (Aug. 2016), 38:1--38:47.

Digital Library

[162]

Rubin Xu, Hassen Saïdi, and Ross Anderson. 2012. Aurasium: Practical policy enforcement for Android applications. In USENIX Security (SEC).

[163]

Xuxian Jiang Yajin Zhou. 2013. Detecting passive content leaks and pollution in Android applications. In Network and Distributed System Security Symposium (NDSS).

[164]

Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In USENIX Security (SEC).

[165]

Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. 2015. AppContext: Differentiating malicious and benign mobile app behaviors using context. In International Conference on Software Engineering.

[166]

Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X. Sean Wang. 2013. AppIntent: Analyzing sensitive data transmission in Android for privacy leakage detection. In ACM Computer and Communications Security (CCS).

[167]

Suleiman Y. Yerima, Sakir Sezer, and Gavin McWilliams. 2014. Analysis of Bayesian classification-based approaches for Android malware detection. IET Information Security (IETIS).

[168]

Wei You, Bin Lian, Wenchang Shi, and Xiangyu Zhang. 2015. Android implicit information flow demystified. In Asia Computer and Communications Security (AsiaCCS).

Digital Library

[169]

Jonas Zaddach, Luca Bruno, Aurelien Francillon, and Davide Balzarotti. 2014. Avatar: A framework to support dynamic security analysis of embedded systems’ firmwares. In Network and Distributed System Security Symposium.

[170]

Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao. 2014. Semantics-aware android malware classification using weighted contextual API dependency graphs. In 21st ACM Conference on Computer and Communications Security.

Digital Library

[171]

Mu Zhang and Heng Yin. 2013. AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications. In Network and Distributed System Security Symposium (NDSS).

[172]

Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X. Sean Wang, and Binyu Zang. 2013. Vetting undesirable behaviors in Android apps with permission use analysis. In Computer 8 Communications Security.

Digital Library

[173]

Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, and Wei Zou. 2012. SmartDroid: an automatic system for revealing UI-based trigger conditions in Android applications. ACM SPSM.

Digital Library

[174]

Min Zheng, Patrick P. C. Lee, and John C. S. Lui. 2013a. ADAM: An automatic and extensible platform to stress test Android anti-virus systems. In Detection of Intrusions and Malware and Vulnerability (DIMVA).

[175]

Min Zheng, Mingshen Sun, and John C. S. Lui. 2013b. DroidAnalytics: A signature based analytic system to collect, extract, analyze and associate Android malware. ACM Computing Research Repository (CoRR).

[176]

Wu Zhou, Zhi Wang, Yajin Zhou, and Xuxian Jiang. 2014. DIVILAR: Diversifying intermediate language for anti-repackaging on Android platform. In ACM Data and Application Security and Privacy (CODASPY).

Digital Library

[177]

Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. 2013. Fast, scalable detection of “piggybacked” mobile applications. In ACM Conference on Data and Application Security and Privacy (CODASPY).

Digital Library

[178]

Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. 2012. Detecting repackaged smartphone applications in third-party Android marketplaces. In ACM Conference on Data 8 Application Security 8 Privacy (CODASPY).

Digital Library

[179]

Yajin Zhou and Xuxian Jiang. 2012a. Android malware genome project. Retrieved from http://www.malgenomeproject.org/.

[180]

Yajin Zhou and Xuxian Jiang. 2012b. Dissecting Android malware: Characterization and evolution. IEEE S8P.

[181]

Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In Network and Distributed System Security Symposium (NDSS).

Cited By

Gupta RSharma KGarg R(2024)Innovative Approach to Android Malware Detection: Prioritizing Critical Features Using Rough Set TheoryElectronics10.3390/electronics1303048213:3(482)Online publication date: 23-Jan-2024
https://doi.org/10.3390/electronics13030482
Wajahat AHe JZhu NMahmood TNazir AUllah FQureshi SOsman M(2024)An effective deep learning scheme for android malware detection leveraging performance metrics and computational resourcesIntelligent Decision Technologies10.3233/IDT-23028418:1(33-55)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/IDT-230284
Gao CHuang GLi HWu BWu YYuan WRoychoudhury APaiva AAbreu RStorey M(2024)A Comprehensive Study of Learning-based Android Malware Detectors under Challenging EnvironmentsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623320(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623320
Show More Cited By

Index Terms

The Evolution of Android Malware and Android Analysis Techniques
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

Effectiveness of Android Obfuscation on Evading Anti-malware
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Obfuscation techniques have been conventionally used for legitimate applications, including preventing application reverse engineering, tampering and protecting intellectual property. A malware author could also leverage these benign techniques to hide ...
Read More
Hartley's test ranked opcodes for Android malware analysis
SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks

The popularity and openness of Android platform encourage malware authors to penetrate various market places with malicious applications. As a result, malware detection has become a critical topic in security. Currently signature-based system is able to ...
Read More
Identifying Unknown Android Malware with Feature Extractions and Classification Techniques
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01

Android malware unfortunately have little difficulty to sneak in marketplaces. While known malware and their variants are nowadays quite well detected by antivirus scanners, new unknown malware, which are fundamentally different from others (e.g. "0-day"...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 49, Issue 4

December 2017

666 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3022634

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611

Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 January 2017

Accepted: 01 November 2016

Revised: 01 September 2016

Received: 01 May 2015

Published in CSUR Volume 49, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

UK EPSRC
Ministry of Science, Technology and Innovation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

262
Total Citations
View Citations
5,384
Total Downloads

Downloads (Last 12 months)338
Downloads (Last 6 weeks)26

Other Metrics

View Author Metrics

Citations

Cited By

Gupta RSharma KGarg R(2024)Innovative Approach to Android Malware Detection: Prioritizing Critical Features Using Rough Set TheoryElectronics10.3390/electronics1303048213:3(482)Online publication date: 23-Jan-2024
https://doi.org/10.3390/electronics13030482
Wajahat AHe JZhu NMahmood TNazir AUllah FQureshi SOsman M(2024)An effective deep learning scheme for android malware detection leveraging performance metrics and computational resourcesIntelligent Decision Technologies10.3233/IDT-23028418:1(33-55)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/IDT-230284
Gao CHuang GLi HWu BWu YYuan WRoychoudhury APaiva AAbreu RStorey M(2024)A Comprehensive Study of Learning-based Android Malware Detectors under Challenging EnvironmentsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623320(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623320
Chen YTang RZuo CZhang XXue LLuo XZhao QRoychoudhury APaiva AAbreu RStorey M(2024)Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android AppsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623317(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623317
Dickey KHwang DKim D(2024)Analyzing Various Machine Learning Approaches for Detecting Android MalwareSoutheastCon 202410.1109/SoutheastCon52093.2024.10500178(1288-1293)Online publication date: 15-Mar-2024
https://doi.org/10.1109/SoutheastCon52093.2024.10500178
Aurangzeb SAleem MKhan MLoukas GSakellari G(2024)AndroDex: Android Dex Images of Obfuscated MalwareScientific Data10.1038/s41597-024-03027-311:1Online publication date: 16-Feb-2024
https://doi.org/10.1038/s41597-024-03027-3
Kumar MSingh SPilania UArora GJain M(2024)LSTM-based Approach for Android Malware DetectionProcedia Computer Science10.1016/j.procs.2023.12.123230:C(679-687)Online publication date: 12-Apr-2024
https://dl.acm.org/doi/10.1016/j.procs.2023.12.123
Schmutz DRapp RFehrensen B(2024)Forensic analysis of hook Android malwareForensic Science International: Digital Investigation10.1016/j.fsidi.2024.30176949(301769)Online publication date: Jun-2024
https://doi.org/10.1016/j.fsidi.2024.301769
Haidros Rahima Manzil HManohar Naik S(2024)Detection approaches for android malwareExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.122255238:PFOnline publication date: 15-Mar-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.122255
Dhalaria MGandotra E(2024)MalDetectExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.121155235:COnline publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.121155
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents