Enter Sandbox: Android Sandbox Comparison
This work addresses malware detection for Android users and developers, but it is incremental as it evaluates existing platforms rather than introducing new methods.
The paper tackled the challenge of analyzing Android malware by comparing state-of-the-art dynamic code analysis platforms, finding low diversity due to code reuse and vulnerabilities to evasion, such as from Master Key bugs.
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google's mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of static and dynamic code analysis platforms for analyzing Android applications and making decision regarding their maliciousness have been introduced in academia and in the commercial world. These platforms differ heavily in terms of feature support and application properties being analyzed. In this paper, we give an overview of the state-of-the-art dynamic code analysis platforms for Android and evaluate their effectiveness with samples from known malware corpora as well as known Android bugs like Master Key. Our results indicate a low level of diversity in analysis platforms resulting from code reuse that leaves the evaluated systems vulnerable to evasion. Furthermore the Master Key bugs could be exploited by malware to hide malicious behavior from the sandboxes.