Android Malware Analysis: From Technical Difficulties to Scientific Challenges

  • Jean-François LalandeEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


Ten years ago, Google released the first version of its new operating system: Android. With an open market for third party applications, attackers started to develop malicious applications. Researchers started new works too. Inspired by previous techniques for Windows or GNU/Linux malware, a lot of papers introduced new ways of detecting, classifying, defeating Android malware. In this paper, we propose to explore the technical difficulties of experimenting with Android malware. These difficulties are encountered by researchers, each time they want to publish a solid experiment validating their approach. How to choose malware samples? How to process a large amount of malware? What happens if the experiment needs to execute dynamically a sample? The end of the paper presents the upcoming scientific challenges of the community interested in malware analysis.


Malware analysis Mobile phones 


  1. 1.
    Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in android. Secur. Privacy Commun. Netw. 127, 86–103 (2013). Scholar
  2. 2.
    Abraham, A., Andriatsimandefitra, R., Brunelat, A., Lalande, J.F., Viet Triem Tong, V.: GroddDroid: a gorilla for triggering malicious behaviors. In: 2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015, Fajardo, Puerto Rico, pp. 119–127. IEEE Computer Society, October 2016.
  3. 3.
    Allix, K., Bissyandé, T.F., Klein, J., Le Traon, Y.: AndroZoo: collecting millions of Android apps for the research community. In: 13th International Workshop on Mining Software Repositories, Austin, USA, pp. 468–471. ACM Press, May 2016.
  4. 4.
    Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, Edinburgh, UK, vol. 49, pp. 259–269. ACM Press, June 2014. Scholar
  5. 5.
    Chen, K., et al.: Following devil’s footprints: cross-platform analysis of potentially harmful libraries on Android and iOS. In: S&P (2016).
  6. 6.
    Duan, Y., et al.: Things you may not know about android (un)packers: a systematic study based on whole-system emulation. In: 24th Annual Network and Distributed System Security Symposium, February 2018Google Scholar
  7. 7.
    Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: 9th USENIX Symposium on Operating Systems Design and Implementation, Vancouver, BC, Canada, pp. 393–407. USENIX Association, October 2010Google Scholar
  8. 8.
    Enck, W., Ongtang, M., Mcdaniel, P.: On Lightweight Mobile Phone Application Certification. Categories and Subject Descriptors (2009)Google Scholar
  9. 9.
    Kiss, N., Lalande, J.F., Leslous, M., Viet Triem Tong, V.: Kharon dataset: android malware under a microscope. In: The LASER Workshop: Learning from Authoritative Security Experiment Results, San Jose, United States, pp. 1–12. USENIX Association, May 2016Google Scholar
  10. 10.
    Lalande, J.F., Viêt Triem Tong, V., Leslous, M., Graux, P.: Challenges for reliable and large scale evaluation of android malware analysis. In: International Workshop on Security and High Performance Computing Systems, Orléans, France, pp. 1068–1070. IEEE Computer Society, July 2018.
  11. 11.
    Leslous, M., Viet Triem Tong, V., Lalande, J.F., Genet, T.: GPFinder: tracking the invisible in android malware. In: 12th International Conference on Malicious and Unwanted Software, Fajardo, pp. 39–46. IEEE Conputer Society, October 2017.
  12. 12.
    Li, L., Meng, G., Klein, J., Malek, S. (eds.): 1st International Workshop on Advances in Mobile App Analysis, A-Mobile@ASE 2018, Montpellier, France, 4 September 2018. ACM Press (2018).
  13. 13.
    Tam, K., Khan, S., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of android malware behaviors. In: 22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA. The Internet Society, February 2015Google Scholar
  14. 14.
    Wei, F., Li, Y., Roy, S., Ou, X., Zhou, W.: Deep ground truth analysis of current android malware. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 252–276. Springer, Cham (2017). Scholar
  15. 15.
    Wong, M.Y., Lie, D.: IntelliDroid: a targeted input generator for the dynamic analysis of android malware. In: The Network and Distributed System Security Symposium, San Diego, USA, no. February, pp. 21–24. The Internet Society, February 2016.
  16. 16.
    Yang, W., Kong, D., Xie, T., Gunter, C.A.: Malware detection in adversarial settings: exploiting feature evolutions and confusions in android apps. In: 33rd Annual Computer Security Applications Conference, Orlando, FL, USA, 4–8 December 2017, pp. 288–302 (2017).
  17. 17.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, San Jose, USA, no. 4, pp. 95–109. IEEE Computer Society, May 2012.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.CentraleSupélec, Inria, Univ Rennes, CNRS, IRISARennesFrance

Personalised recommendations