Effectiveness of state-of-the-art dynamic analysis techniques in identifying diverse Android malware and future enhancements

Abstract

Abstract Since its launch in 2007, Google's open source mobile operating system Android has become the most prominent OS for smartphones. Availability of 3 million Android apps on official repository, Google Play Store, and a not too tightly controlled environment for app developers have added to the popularity of Android and growth of Android devices. This, however, has also provided an opportunity for malware writers to create inroads into Android devices through malicious apps on App stores including Google Play. These malicious apps may access and leak sensitive information such as details of calls, SMS, emails, pictures, contacts, location, password, etc. Loss of this personal data may lead to fraud, financial loss, threatening, etc. Various solutions based on static, dynamic, or hybrid analysis are proposed by state-of-the-art in the last decade. However, malware writers have also come up with ingenious ways of circumventing detection tools. Recent malware deploy threats like obfuscated and encrypted code, dynamic code loading, and reflection, etc. which fail static analysis approaches employing bytecode for analysis. Dynamic analysis is robust against these evasive methods because it executes the application in the controlled environment. In this chapter, we review dynamic analysis techniques for Android and evaluate these experimentally. We discuss various antidetection methods used by recent Android malware to circumvent even dynamic analysis. We compare the effectiveness of various state-of-the-art dynamic analysis techniques against antidetection techniques. With this chapter, we try to highlight issues and challenges concerned to Android malware analysis techniques that require the attention of research community to avoid loss of end user.