Enter Sandbox: Android Sandbox Comparison

S. Neuner, v. Victor, M. Lindorfer, M. Huber, M. Georg, M. Mulazzani, E. Weippl:
"Enter Sandbox: Android Sandbox Comparison";
Vortrag: IEEE Mobile Security Technologies Workshop 2014, San Jose, CA; 17.05.2014; in:"Proceedings of the IEEE Mobile Security Technologies Workshop (MoST)", (2014).

[ Publication Database ]

Abstract:


Expecting the shipment of 1 billion Android devices
in 2017, cyber criminals have naturally extended their vicious
activities towards Google┬┤s mobile operating system. With an
estimated number of 700 new Android applications released every
day, keeping control over malware is an increasingly challenging
task. In recent years, a vast number of static and dynamic code
analysis platforms for analyzing Android applications and making
decision regarding their maliciousness have been introduced in
academia and in the commercial world. These platforms differ
heavily in terms of feature support and application properties
being analyzed. In this paper, we give an overview of the state-ofthe-
art dynamic code analysis platforms for Android and evaluate
their effectiveness with samples from known malware corpora
as well as known Android bugs like Master Key. Our results
indicate a low level of diversity in analysis platforms resulting
from code reuse that leaves the evaluated systems vulnerable to
evasion. Furthermore the Master Key bugs could be exploited by
malware to hide malicious behavior from the sandboxes.