DOI: 10.1145/2746266.2746271

Android Malware Static Analysis Techniques

Published: 07 April 2015

Abstract

During 2014, Business Insider announced that there are over a billion users of Android worldwide. Government officials are also trending towards acquiring Android mobile devices. Google's application architecture is already ubiquitous and will keep expanding. The beauty of an application-based architecture is the flexibility, interoperability and customizability it provides users. This same flexibility, however, also allows and attracts malware development.
This paper provides a horizontal research analysis of techniques used for Android application malware analysis. The paper explores techniques used by Android malware static analysis methodologies. It examines the key analysis efforts used by examining applications for permission leakage and privacy concerns. The paper concludes with a discussion of some gaps of current malware static analysis research.

Published In

CISR '15: Proceedings of the 10th Annual Cyber and Information Security Research Conference
April 2015
99 pages
ISBN: 9781450333450
DOI: 10.1145/2746266

In-Cooperation

  • Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Android Application Security
  2. Cyber Security
  3. Java
  4. Malware Analysis
  5. Static Analysis

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CISR '15

Acceptance Rates

CISR '15 Paper Acceptance Rate 18 of 36 submissions, 50%;
Overall Acceptance Rate 69 of 136 submissions, 51%
