Android security: A survey of issues, malware penetration, and defenses

IEEE Communications Surveys and Tutorials

Volumn 17, Issue 2, 2015, Pages 998-1022

  Faruki, Parvez ^b   Bharmal, Ammar ^b   Laxmi, Vijay ^a,b   Ganmoor, Vijay ^b   Gaur, Manoj Singh ^a,b   Conti, Mauro ^c   Rajarajan, Muttukrishnan ^d  

^a Department of Information Technology Government of India Project Grant Security Analysis Framework for Android Platform   (India)

^b MALAVIYA NATIONAL INSTITUTE OF TECHNOLOGY   (India)

^c UNIVERSITY OF PADOVA   (Italy)

^d CITY UNIVERSITY   (United Kingdom)

Author keywords

Android Malware; Behavioral Analysis; Dynamic Analysis; Obfuscation; Static Analysis; Stealth Malwar

Indexed keywords

APPLICATION PROGRAMMING INTERFACES (API); COMPETITION; COMPUTER CRIME; COSINE TRANSFORMS; DYNAMIC ANALYSIS; LOCATION BASED SERVICES; MALWARE; MOBILE SECURITY; MULTIMEDIA SERVICES; SMARTPHONES; STATIC ANALYSIS; SURVEYS; TELECOMMUNICATION SERVICES;

ANDROID MALWARE; BEHAVIORAL ANALYSIS; CONVENTIONAL SERVICES; OBFUSCATION; RESEARCH METHODOLOGIES; SECURITY ENFORCEMENT; STATIC ANALYSIS METHOD; STEALTH MALWAR;

ANDROID (OPERATING SYSTEM);

EID: 84930507568     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/COMST.2014.2386139     Document Type: Article

References (143)

1. G. Inc., Android Smartphone Sales Report, 2013, (Online; Last Accessed Mar. 17, 2014). [Online]. Available: http://www.gartner.com/newsroom/id/2665715
2. Android Malware Genome Project, (Online; Last Accessed Feb. 11, 2014). [Online]. Available: http://www.malgenomeproject.org/
3. C. A. Castillo, "Android malware past, present, future" Mobile Working Security Group McAfee, Santa Clara, CA, USA, Tech. Rep., 2012
4. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting repackaged smartphone applications in third-party android marketplaces" in Proc. 2nd ACM CODASPY, New York, NY, USA, 2012, pp. 317-326. [Online]. Available: http://doi.acm.org/10.1145/2133601.2133640
5. AppBrain, Number of applications available on Google Play, (Online; Last accessed Oct. 10, 2014). [Online]. Available: http://www.appbrain. com/stats/number-of-android-apps
6. Google Bouncer: Protecting the Google Play market, (Online; Last Accessed Oct. 15, 2013). [Online]. Available: http://blog.trendmicro.com/trendlabs-security-intelligence/a-lookat-google-bouncer/
7. Android and security: Official mobile google blog, (Online; Last Accessed Oct. 15, 2013). [Online]. Available: http://googlemobile.blogspot. in/2012/02/android-and-security.html
8. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing interapplication communication in Android" in Proc. 9th Int. Conf. MobiSys, New York, NY, USA, 2011, pp. 239-252. [Online]. Available: http://doi. acm.org/10.1145/1999995.2000018
9. PandaApp, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://www.pandaapp.com/
10. Baidu, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://as.baidu.com/
11. Opera Mobile App Store, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://apps.opera.com/en-in/
12. AppChina, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://www.appchina.com/
13. GetJar, (Online; Last AccessedMar. 1, 2014). [Online]. Available: http://www.getjar.mobi/
14. ESET-Trends for 2013, (Online; Last Accessed Feb. 11). [Online]. Available: http://go.eset.com/us/resources/whitepapers/Trends-for-2013-preview.pdf
15. Kaspersky Security Bulletin 2013, Overall statistics for 2013, (Online; Last Accessed Feb. 11). [Online]. Available: https://www.securelist.com/en/analysis/204792318/Kaspersky-Security-Bulletin-2013-Overall-statistics-for-2013
16. McAfee Labs Threats Report: Third Quarter 2013, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.mcafee.com/uk/resources/reports/rp-quarterly-Threatq3-2013.pdf
17. F-Secure: Mobile Threat Report Q1 2013, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.fsecure.com/static/doc/labs-global/Research/Mobile-Threat-Report-Q1-2013.pdf
18. F-Secure: Mobile Threat Report Q3 2013, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.fsecure.com/static/doc/labs-global/Research/Mobile-Threat-Report-Q3-2013.pdf
19. F-Secure: Mobile Threat Report H1 2013, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.fsecure.com/static/doc/labs-global/Research/Threat-Report-H1-2013.pdf
20. VirusTotal, (Online; Last Accessed Feb. 11, 2014). [Online]. Available: https://www.virustotal.com/
21. Android.Bgserv, (Online; Last Accesed Feb. 12, 2011). [Online]. Available: http://www.symantec.com/security-response/writeup.jsp? docid=2011-031005-2918-99
22. Backdoor.AndroidOS.Obad.a, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://contagiominidump.blogspot.in/2013/06/backdoorandroidosobada.html
23. RageAgainstTheCage, (Online; Last Accessed Feb. 11). [Online]. Available: https://github.com/bibanon/android-development-codex/blob/master/General/Rooting/rageagainstthecage.md
24. Android Hipposms, (Online; 2011). [Online]. Available: http://www.csc. ncsu.edu/faculty/jiang/HippoSMS/
25. Android/NotCompatible Looks Like Piece of PC Botnet, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://blogs.mcafee.com/mcafee-labs/androidnotcompatible-looks-like-piece-of-pc-botnet
26. E. Fernandes, B. Crispo, and M. Conti, "FM 99.9, radio virus: Exploiting FM radio broadcasts for malware deployment" IEEE Trans. Inf. Forensics Security, vol. 8, no. 6, pp. 1027-1037, Jun. 2013. [Online]. Available: http://dblp.uni-Trier.de/db/journals/tifs/tifs8.html# FernandesCC13
27. R. Fedler, J. Schütte, and M. Kulicke, "On the Effectiveness of Malware Protection on Android" Fraunhofer AISEC, Berlin, Germany, Tech. Rep., 2013
28. C. Jarabek, D. Barrera, and J. Aycock, "ThinAV: Truly lightweight Mobile Cloud-based Anti-malware" in Proc. 28th Annu. Comput. Security Appl. Conf., 2012, pp. 209-218
29. Kaspersky Internet Security for Android, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.kaspersky.com/android-security
30. M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "RiskRanker: Scalable and accurate zero-day Android malware detection" in Proc. 10th Int. Conf. MobiSys, New York, NY, USA, 2012, pp. 281-294. [Online]. Available: http://doi.acm.org/10.1145/2307636.2307663
31. G. Suarez-Tangil, J. Tapiador, P. Peris-Lopez, and A. Ribagorda, "Evolution, detection and analysis of malware for smart devices" IEEE Commun. Surveys Tuts., vol. 16, no. 2, pp. 961-987, 2014
32. M. La Polla, F. Martinelli, and D. Sgandurra, "A survey on security for mobile devices" IEEE Commun. Surveys Tuts., vol. 15, no. 1, pp. 446-471, 2013
33. W. Enck, "Defending users against smartphone apps: Techniques and future directions" in Proc. 7th ICISS, 2011, pp. 49-70. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-25560-1n-3
34. Android Security Overview, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://source.android.com/devices/tech/security
35. W. Enck, M. Ongtang, and P. McDaniel, "Understanding android security" IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, Jan./Feb. 2009. [Online]. Available: http://dx.doi.org/10.1109/MSP.2009.26
36. Android Kernel Features, (Online; Last Accessed Mar. 9, 2014). [Online]. Available: http://elinux.org/Android-Kernel-Features
37. Permission-, (Online; Last Accessed Feb. 11). [Online]. Available: http://developer.android.com/guide/topics/manifest/permission-element.html
38. B. Sanz et al., "PUMA: Permission Usage to detect Malware in Android" in Proc. Int. Joint Conf. CISIS-ICEUTE-SOCO'Spec. Sessions, 2013, pp. 289-298
39. J. Oberhide, Dissecting the Android Bouncer, (Online; Last Accessed Jun. 1, 2012). [Online]. Available: http://jon.oberheide.org/blog/2012/06/21/dissecting-The-android-bouncer/
40. Exercising Our Remote Application Removal Feature, (Online; Last Accessed Feb. 11). [Online]. Available: http://androiddevelopers.blogspot. in/2010/06/exercising-our-remote-application.html
41. CVE, (Online; Last Accessed Feb. 11). [Online]. Available: http://cve. mitre.org/
42. G. Andre and P. Ramos, "Boxer SMS Trojan" ESET Latin American Lab, Bratislava, Slovakia, Tech. Rep., 2013
43. Android Version History, (Online; Last Accessed Mar. 11, 2014). [Online]. Available: http://en.wikipedia.org/wiki/Android-version-history
44. L. Xing, X. Pan, R. Wang, K. Yuan, and X. Wang, "Upgrading your android, elevating my malware: Privilege escalation through mobile OS updating" in Proc. IEEE Symp. Security Privacy, 2014, pp. 393-408
45. z4Root, (Online; Last Accessed Feb. 11). [Online]. Available: https://github.com/bibanon/android-developmentcodex/blob/master/General/Rooting/z4root.md
46. Android Trickery, (Online; Last Accessed Feb. 11). [Online]. Available: http://c-skills.blogspot.com/2010/07/androidtrickery.html
47. Zimperlich Sources, (Online; Last Accessed Feb. 11). [Online]. Available: http://c-skills.blogspot.in/2011/02/zimperlichsources.html
48. GingerBreak, (Online; Last Accessed Feb. 11). [Online]. Available: http://forum.xda-developers.com/showthread.php?t=1044765
49. zergrush, (Online; Last Accessed Feb. 11). [Online]. Available: http://forum.xda-developers.com/showthread.php?t=1296916
50. Z. Yajin and J. Xuxian, "Dissecting android malware: Characterization and evolution" in Proc. 33rd IEEE Symp. Security Privacy, Oakland, CA, USA, 2012, pp. 95-109
51. Security Enhancements in Android 4.3, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://source.android.com/devices/tech/security/enhancements43.html
52. Security Enhancements in Android 4.2, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://source.android.com/devices/tech/security/enhancements42.html
53. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, "Paranoid android: Versatile protection for smartphones" in Proc. 26th ACSAC, New York, NY, USA, 2010, pp. 347-356. [Online]. Available: http://doi.acm.org/10.1145/1920261.1920313
54. Validating Security-Enhanced Linux in Android, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://source.android.com/devices/tech/security/se-linux.html
55. M. Conti, B. Crispo, E. Fernandes, and Y. Zhauniarovich, "CRePe: A system for enforcing fine-grained context-related policies on android" Information Forensics and Security, IEEE Trans., vol. 7, no. 5, pp. 1426-1438, Oct. 2012
56. M. Nauman, S. Khan, and X. Zhang, "Apex: Extending android permission model and enforcement with user-defined runtime constraints" in Proc. ASIACCS, D. Feng, D. A. Basin, and P. Liu, Eds., 2010, pp. 328-332. [Online]. Available: http://dblp.uni-Trier.de/db/conf/ccs/asiaccs2010.html#NaumanKZ10
57. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, "Xmandroid: A new android evolution to mitigate privilege escalation attacks" Technische Universität Darmstadt, Darmstadt, Germany, Tech. Rep. TR-2011-04, 2011
58. M. Ongtang, S. E. McLaughlin, W. Enck, and P. D. McDaniel, "Semantically rich application-centric security in android" in Proc. ACSAC, 2009, pp. 340-349. [Online]. Available: http://dblp.uni-Trier.de/db/conf/acsac/acsac2009.html#OngtangMEM09
59. Android Security Analysis Challenge: Tampering Dalvik Bytecode During Runtime, (Online; Last Accessed Feb. 11, 2013). [Online]. Available: http://bluebox.com/labs/android-security-challenge/
60. "State of mobile security" Lookout Mobile Security, Tech. rep., 2012
61. "Current world of mobile threats" Lookout Mobile Security, San Francisco, CA, USA, Tech. rep., 2013
62. C. Lever, M. Antonakakis, B. Reaves, P. Traynor, and W. Lee, "The core of the matter: Analyzing malicious traffic in cellular carriers" in Proc. NDSS, 2013, vol. 13, pp. 1-16
63. H. T. T. Truong et al., "The company you keep: Mobile malware infection rates and inexpensive risk indicators" in Proc. 23rd Int. Conf. WWW, 2013, pp. 39-50
64. Carat: Collaborative Energy Diagnosis, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://carat.cs.berkeley.edu/
65. Fake Netxflix-Android trojan info stealer, (Online; Last Accessed Feb. 11). [Online]. Available: http://contagiominidump.blogspot.in/2011/10/fake-netxflix-adtroid-Trojan-info.html
66. F. Shahzad, M. A. Akbar, and M. Farooq, "A survey on recent advances in malicious applications analysis and detection techniques for smartphones" National Univ. Comput. Emerging Sci., Islamabad, Pakistan
67. Spitmo vs Zitmo: Banking Trojans Target Android, (Online; Last Accessed Feb. 11). [Online]. Available: https://blogs.mcafee.com/mcafee-labs/spitmo-vs-zitmo-banking-Trojans-Target-android
68. Fakedefender.B-Android Fake Antivirus, (Online; Last Accesed Dec. 25, 2013). [Online]. Available: http://contagiominidump.blogspot. in/2013/11/fakedefenderb-android-fake-antivirus.html
69. avast! Free Mobile Security, (Online; Last Accessed Dec. 25, 2013). [Online]. Available: http://www.avast.com/freemobile-security-c? utmexpid=22755838-21.bXJmQHnQA6pakUW6PaLQQ.2& utmreferrer=https%3A%2F%2Fwww.google.com%2F
70. APKTool, Reverse Engineering with ApkTool, (Online; Accessed Mar. 20, 2013). [Online]. Available: https://code.google.com/android/apk-Tool
71. A. Inc., Class to Dex Conversion with Dx, (Online; Last Accessed Mar. 5, 2013). [Online]. Available: http://developer.android.com/tools/help/index.html
72. Remote Access Tool Takes Aim with Android APK Binder, (Online; Last Accessed Dec. 25, 2013). [Online]. Available: http://www.symantec. com/connect/blogs/remote-access-Tool-Takes-aimandroid-apk-binder
73. V. Rastogi, Y. Chen, and X. Jiang, "Droidchameleon: Evaluating Android anti-malware against transformation attacks" in Proc. 8th ACM SIGSAC Symp. Inf., Comput. Commun. Security, 2013, pp. 329-334
74. M. Zheng, P. P. C. Lee, and J. C. S. Lui, "ADAM: An automatic and extensible platform to stress test Android anti-virus systems" in Proc. DIMVA, 2012, pp. 82-101
75. ProGuard, (Online; Last Accessed Feb. 11). [Online]. Available: http://proguard.sourceforge.net/
76. DexGuard, (Online; Last Accessed Feb. 11). [Online]. Available: http://www.saikoa.com/dexguard
77. P. Faruki et al., "Evaluation of android anti malware techniques against Dalvik bytecode obfuscation" in Proc. 13th IEEE Int. Conf. TrustCom, Beijing, China, Sep. 26-28, 2014
78. Dalvik Bytecode Obfuscation on Android, (Online; Last Accessed Feb. 11). [Online]. Available: https://dexlabs.org/blog/bytecode-obfuscation
79. BlackHat, Reverse Engineering with Androguard, (Online; Accessed Mar. 29, 2013). [Online]. Available: https://code.google.com/androguard
80. W. Zhou, Y. Zhou, and X. Jiang, "Hey, you get off my market: Detecting malicious apps in official and third party android markets" in Proc. Annu. NDSS, New York, NY, USA, 2012, pp. 1-13
81. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, "'Andromaly': A behavioral malware detection framework for android devices" J. Intell. Inf. Syst., vol. 38, no. 1, pp. 161-190, 2012. [Online]. Available: http://dblp.uni-Trier.de/db/journals/jiis/jiis38.html#ShabtaiKEGW12
82. Y. Feng, S. Anand, I. Dillig, and A. Aiken, "Apposcopy: Semanticsbased detection of android malware" in Proc. SIGSOFT FSE, 2014, pp. 1-12
83. P. Faruki, V. Ganmoor, V. Laxmi, M. S. Gaur, and A. Bharmal, "AndroSimilar: Robust statistical feature signature for Android malware detection" in Proc. SIN, A. Eli, M. S. Gaur, M. A. Orgun, and O. B. Makarevich, Eds., 2013, pp. 152-159. [Online]. Available: http://dblp.uni-Trier.de/db/conf/sin/sin2013.html#FarukiGLGB13
84. A. P. Fuchs, A. Chaudhuri, and J. S. Foster, SCanDroid: Automated security certification of Android applications, Manuscript. [Online]. Available: http://www.cs.umd.edu/~avik/projects/scandroidascaa
85. L. Lu, Z. Li, Z.Wu,W. Lee, and G. Jiang, "CHEX: Statically vetting Android apps for component hijacking vulnerabilities" in Proc. ACM Conf. Comput. Commun. Security, T. Yu, G. Danezis, and V. D. Gligor, Eds., 2012, pp. 229-240. [Online]. Available: http://dblp.uni-Trier.de/db/conf/ccs/ccs2012.html#LuLWLJ12
86. B. P. Sarma et al., "Android permissions: A perspective combining risks and benefits" in Proc. 17th ACM Symp. Access ControlModels Technol., 2012, pp. 13-22
87. D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, "A methodology for empirical analysis of permission-based security models and its application to android" in Proc. 17th ACM Conf. CCS, 2010, pp. 73-84
88. C.-Y. Huang, Y.-T. Tsai, and C.-H. Hsu, "Performance evaluation on permission-based detection for android malware" in Proc. Adv. Intell. Syst. Appl.-Vol. 2, 2013, vol. 2, pp. 111-120
89. W. Enck, M. Ongtang, and P. McDaniel, "On lightweight mobile phone application certification" in Proc. 16th ACM Conf. Comput. Commun. Security, 2009, pp. 235-245
90. J. Kim, Y. Yoon, K. Yi, J. Shin, and S. Center, "ScanDal: Static analyzer for detecting privacy leaks in Android applications" in Proc. Workshop MoST, 2012, in conjunction with the IEEE Symposium on Security and Privacy
91. H. S. Karlsen, E. R. Wognsen, M. C. Olesen, and R. R. Hansen, "Study, formalisation, analysis of Dalvik bytecode" in Proc. 7th Workshop BYTECODE, 2012, pp. 1-9
92. Y. Aafer, W. Du, and H. Yin, "DroidAPIminer: Mining API-level features for robust malware detection in Android" in Proc. SecureComm, vol. 127, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, T. Zia, A. Y. Zomaya, V. Varadharajan, and Z. M. Mao, Eds., Springer, 2013, pp. 86-103. [Online]. Available: http://dblp.uni-Trier.de/db/conf/securecomm/securecomm2013.html#AaferDY13
93. M. Zheng, M. Sun, and J. C. S. Lui, "DroidAnalytics: A signature based analytic system to collect, extract, analyze and associate android malware" in Proc. 12th IEEE Int. Conf. TrustCom, 2013, pp. 163-171
94. JD-GUI, Android Decompiling with JD-GUI, (Online; Last AccessedMar. 1, 2014). [Online]. Available: http://java.decompiler.free.fr/? q=jdgui
95. JAD, JAD Java Decompiler, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://varaneckas.com/jad/
96. H. van Vliet, Mocha, The Java Decompiler, (Online; Last Accessed Mar. 1, 2014). [Online]. Available: http://www.brouhaha.com/-eric/software/mocha/
97. SOOT, Soot: A Java optimization framework, (Online; Accessed Mar. 1, 2014). [Online]. Available: http://www.sable.mcgill.ca/soot/
98. WALA, T. J. Watson Libraries for Analysis (WALA), (Online; Accessed Mar. 1, 2014). [Online]. Available: http://wala.sourceforge.net/wiki/index.php/
99. H. Inc., Fortify static code analyzer, (Online; Accessed Mar. 1, 2014). [Online]. Available: http://www8.hp.com/us/en/softwaresolutions/software.html?compURI=1338812
100. E. William, O. Damien, M. Patrick, and C. Swarat, "A study of Android application security" in Proc. USENIX, San Francisco, CA, USA, 2011, p. 163
101. D. Octeau, S. Jha, and P. McDaniel, "Retargeting Android applications to Java bytecode" in Proc. ACM SIGSOFT 20th Int. Symp. Found. Softw. Eng., 2012, p. 6
102. A. Bartel, J. Klein, Y. Le Traon, and M. Monperrus, "Dexpler: Converting Android Dalvik bytecode to Jimple for static analysis with Soot" in Proc. ACM SIGPLAN Int. Workshop State Art Java Program Anal., 2012, pp. 27-38
103. C. Gibler, J. Crussell, J. Erickson, and H. Chen, "Androidleaks: Automatically detecting potential privacy leaks in Android applications on a large scale" in Proc. Trust Trustworthy Comput., 2012, pp. 291-307
104. Dex2Jar, Android Decompiling with Dex2jar, (Online; Last Accessed May 15, 2013). [Online]. Available: http://code.google.com/p/dex2jar/
105. UI/Application Exercise Monkey, (Online; Last Accessed Feb. 11). [Online]. Available: http://developer.android.com/tools/help/monkey. html
106. T. Vidas and N. Christin, "Evading android runtime analysis via sandbox detection" in Proc. 9th ACM ASIA CCS, New York, NY, USA, 2014, pp. 447-458. [Online]. Available: http://doi.acm.org/10.1145/2590296. 2590325
107. A. Reina, A. Fattori, and L. Cavallaro, "A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors" in Proc. EUROSEC, Prague, Czech Republic
108. D. Damopoulos, G. Kambourakis, and G. Portokalidis, "The best of both worlds: A framework for the synergistic operation of host and cloud anomaly-based IDS for smartphones" in Proc. 7th EuroSec, New York, NY, USA, 2014, pp. 6:1-6:6. [Online]. Available: http://doi.acm.org/10. 1145/2592791.2592797
109. E. William, G. Peter, C. Byunggon, and C. Landon, "TaintDroid: An information flow tracking system for realtime privacy monitoring on smartphones" in Proc. USENIX, 2011
110. I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani, "Crowdroid: Behavior-based malware detection system for Android" in Proc. 1st ACM Workshop Security Privacy Smartphones Mobile Devices, 2011, pp. 15-26
111. K. O. Elish, D. (Daphne) Yao, and B. G. Ryder, "User-centric dependence analysis for identifying malicious mobile apps" in Proc. Workshop MoST, 2012
112. J. Huang, X. Zhang, L. Tan, P.Wang, and B. Liang, "AsDroid: Detecting stealthy behaviors in android applications by user interface and program behavior contradiction" in Proc. ICSE, 2014, pp. 1036-1046
113. L. K. Yan and H. Yin, "DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis" in Proc. 21st USENIX Security Symp., 2012, p. 29
114. BakSmali, Reverse Engineering with Smali/Baksmali, (Online; Accessed Mar. 20, 2013). [Online]. Available: https://code.google.com/smali
115. DARE: Dalvik Retargeting, (Online; Last Accessed Feb. 11, 2013). [Online]. Available: http://siis.cse.psu.edu/dare/
116. Dedexer, (Online; Last Accessed Feb. 11, 2013). [Online]. http://dedexer. sourceforge.net/
117. JEB Decompiler, (Online; Last Accessed Feb. 11, 2013). [Online]. Available: http://www.android-decompiler.com/
118. Similarities for Fun & Profit
119. V. Roussev, "Data fingerprinting with similarity hashes, advances in digital forensics" in Proc. Int. Conf. Digit. Forensics, 2010, pp. 207-226
120. V. Roussev, "Building a better similarity trap with statistically improbable features" in Proc. 42nd HICSS, 2009, pp. 1-10
121. Andrubis, 2012. [Online]. Available: http://anubis.iseclab.org/
122. A. Desnos and P. Lantz, "Droidbox: An android application sandbox for dynamic analysis, 2011. [Online]. Available: https://code.google.com/p/droidbox/
123. APKInspector, 2013. [Online]. Available: https://github.com/honeynet/apkinspector/
124. ded: Decompiling Android Applications, (Online; Last Accessed Feb. 11). [Online]. Available: http://siis.cse.psu.edu/ded/
125. R. Xu, H. Saïdi, and R. Anderson, "Aurasium: Practical policy enforcement for Android applications" in Proc. 21st USENIX Conf. Security Symp., 2012, pp. 27-27, USENIX Association
126. Google Bouncer: Bad guys may have an app for that, Feb. 2012. [Online]. Available: http://www.techrepublic.com/blog/it-security/google-bouncer-badguys-may-have-an-app-for-That/7422/
127. CopperDroid, Feb. 2012. [Online]. Available: http://copperdroid.isg. rhul.ac.uk/copperdroid/index.php
128. J. Kornblum, "Identifying almost identical files using context triggered piecewise hashing" Digit. Investigation, vol. 3, pp. 91-97, Sep. 2006. [Online]. Available: http://dx.doi.org/10.1016/j.diin.2006.06.015
129. Drozer-A Comprehensive Security and Attack Framework for Android, (Online; Last Accessed Feb. 11, 2013). [Online]. Available: https://www.mwrinfosecurity.com/products/drozer/
130. M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, "Unsafe exposure analysis of mobile in-app advertisements" in Proc. 5th ACM Conf. WISEC, New York, NY, USA, 2012, pp. 101-112. [Online]. Available: http://doi.acm.org/10.1145/2185448.2185464
131. A. Narayanan, L. Chen, and C. K. Chan, "Addetect: Automated detection of android ad libraries using semantic analysis" in Proc. IEEE 9th Int. Conf.ISSNIP, Singapore, Apr. 21-24, 2014, pp. 1-6. [Online]. Available: http://dx.doi.org/10.1109/ISSNIP.2014.6827639
132. H. Dong, J. Kang, J. Schafer, and A. Ganz, "Android-based visual tag detection for visually impaired users: System design and testing" Int. J. E-Health Med. Commun., vol. 5, no. 1, pp. 63-80, 2014. [Online]. Available: http://dx.doi.org/10.4018/ijehmc.2014010104
133. P. Faruki, V. Ganmoor, L. Vijay, M. Gaur, and M. Conti, "Android Platform Invariant Sandbox for Analyzing Malware and Resource Hogger apps" in Proc. 10th IEEE Int. Conf. SecureComm, Beijing, China, Sep. 26-28, 2014, pp. 1-6
134. G. Suarez-Tangil, M. Conti, J. E. Tapiador, and P. Peris-Lopez, "Detecting targeted smartphone malware with behavior-Triggering stochastic models" in Proc. Eur. Symp. Res. Comput. Security, 2014, pp. 183-201
135. Dendroid malware can take over your camera, record audio, sneak into Google Play, (Online; 2014). [Online]. Available: https://blog.lookout. com/blog/2014/03/06/dendroid/
136. S. Neuner et al., "Enter sandbox: Android sandbox comparison" in Proc. IEEE MoST, 2014
137. P. Ratazzi et al., "A systematic security evaluation of android's multiuser framework" in Proc. IEEE MoST, 2014, pp. 1-10
138. T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis, "Rage against the virtual machine: Hindering dynamic analysis of android malware" in Proc. 7th Eur. Workshop Syst. Security, 2014, Art. ID. 5
139. M. Lindorfer, Andrubis: A tool for analyzing unknown android applications. [Online]. Available: http://www.seclab.tuwien.ac.at/papers/andrubis-badgers14.pdf
140. M. Lindorfer et al., "Andrubis-1,000,000 apps later: A view on current Android malware behaviors" in Proc. 3rd Int. Workshop BADGERS, 2014, pp. 1-15
141. L.Weichselbaum et al., "Andrubis: Android malware under the magnifying glass" Vienna University of Technology, Wien, Austria, Tech. Rep. TR-ISECLAB-0414-001, 2014
142. T. Bläsing, L. Batyuk, A.-D. Schmidt, S. A. Camtepe, and S. Albayrak, "An android application sandbox system for suspicious software detection" in Proc. MALWARE, 2010, pp. 55-62
143. C. Zheng et al., "SmartDroid: An automatic system for revealing UIbased trigger conditions in android applications" in Proc. 2nd ACM Workshop SPSM, New York, NY, USA, 2012, pp. 93-104. [Online]. Available: http://doi.acm.org/10.1145/2381934.2381950