Android has become the most popular operating system for Smartphone, which renders it as an attractive target for malwares. Several techniques from literature have been developed to protect sensitive information of users from being stolen. Unfortunately, until now these techniques are not sufficient and therefore need to be improved. These techniques mainly use some tools already developed to disassemble or to study behaviour of malicious programs. Additionally, there exist integrated environments that people use to perform isolated analysis in virtual machine. We conduct in this work a qualitative study of these tools, based on the criteria such as documentation, usability, functional, portability, security, and extensibility. We found that tools rarely have these six quality characteristics and this lack gives the attacker the opportunity to take advantage of the user's information. In addition, we found that tools used for analysis can be entry doors to attacks. We identified possible vulnerabilities and propose ways to mitigate them further on.
[1]
Byung-Gon Chun,et al.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
,
2010,
OSDI.
[2]
Steve Hanna,et al.
A survey of mobile malware in the wild
,
2011,
SPSM '11.
[3]
Andrew Honig,et al.
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
,
2012
.
[4]
David A. Wagner,et al.
The Effectiveness of Application Permissions
,
2011,
WebApps.
[5]
Byung-Gon Chun,et al.
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
,
2014,
Commun. ACM.
[6]
Yajin Zhou,et al.
Dissecting Android Malware: Characterization and Evolution
,
2012,
2012 IEEE Symposium on Security and Privacy.