Android Security: A Survey of Issues, Malware Penetration, and Defenses

Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the developer community. Increased popularity of the Android devices and associated monetary benefits attracted the malware developers, resulting in big rise of the Android malware apps between 2010 and 2014. Academic researchers and commercial antimalware companies have realized that the conventional signature-based and static analysis methods are vulnerable. In particular, the prevalent stealth techniques, such as encryption, code transformation, and environment-aware approaches, are capable of generating variants of known malware. This has led to the use of behavior-, anomaly-, and dynamic-analysis-based methods. Since a single approach may be ineffective against the advanced techniques, multiple complementary approaches can be used in tandem for effective malware detection. The existing reviews extensively cover the smartphone OS security. However, we believe that the security of Android, with particular focus on malware growth, study of antianalysis techniques, and existing detection methodologies, needs an extensive coverage. In this survey, we discuss the Android security enforcement mechanisms, threats to the existing security enforcements and related issues, malware growth timeline between 2010 and 2014, and stealth techniques employed by the malware authors, in addition to the existing detection methods. This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.

[1]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[2]  장윤희,et al.  Y. , 2003, Industrial and Labor Relations Terms.

[3]  Jesse D. Kornblum Identifying almost identical files using context triggered piecewise hashing , 2006, Digit. Investig..

[4]  J. Foster,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[5]  Patrick D. McDaniel,et al.  Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.

[6]  Building a Better Similarity Trap with Statistically Improbable Features , 2009, 2009 42nd Hawaii International Conference on System Sciences.

[7]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[8]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[9]  Avik Chaudhuri,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[10]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[11]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[12]  Yuval Elovici,et al.  “Andromaly”: a behavioral malware detection framework for android devices , 2012, Journal of Intelligent Information Systems.

[13]  Sahin Albayrak,et al.  An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[14]  Herbert Bos,et al.  Paranoid Android: versatile protection for smartphones , 2010, ACSAC '10.

[15]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[16]  Ahmad-Reza Sadeghi,et al.  XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks , 2011 .

[17]  C. Castillo Android Malware Past , Present , and Future , 2011 .

[18]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[19]  Swarat Chaudhuri,et al.  A Study of Android Application Security , 2011, USENIX Security Symposium.

[20]  William Enck,et al.  Defending Users against Smartphone Apps: Techniques and Future Directions , 2011, ICISS.

[21]  Simin Nadjm-Tehrani,et al.  Crowdroid: behavior-based malware detection system for Android , 2011, SPSM '11.

[22]  Guofei Gu,et al.  SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications , 2012, SPSM '12.

[23]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[24]  Ninghui Li,et al.  Android permissions: a perspective combining risks and benefits , 2012, SACMAT '12.

[25]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[26]  John Aycock,et al.  ThinAV: truly lightweight mobile cloud-based anti-malware , 2012, ACSAC '12.

[27]  Heng Yin,et al.  DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.

[28]  John C. S. Lui,et al.  ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems , 2012, DIMVA.

[29]  Mauro Conti,et al.  CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android , 2012, IEEE Transactions on Information Forensics and Security.

[30]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[31]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[32]  Boxer SMS Trojan , 2012 .

[33]  Gonzalo Álvarez,et al.  PUMA: Permission Usage to Detect Malware in Android , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[34]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[35]  Barbara G. Ryder,et al.  User-Centric Dependence Analysis For Identifying Malicious Mobile Apps , 2012 .

[36]  Somesh Jha,et al.  Retargeting Android applications to Java bytecode , 2012, SIGSOFT FSE.

[37]  K. Yi,et al.  SCANDAL : Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[38]  Jacques Klein,et al.  Dexpler: converting Android Dalvik bytecode to Jimple for static analysis with Soot , 2012, SOAP '12.

[39]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[40]  René Rydhof Hansen,et al.  Study , Formalisation , and Analysis of Dalvik Bytecode , 2012 .

[41]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[42]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[43]  John C. S. Lui,et al.  Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[44]  Mauro Conti,et al.  FM 99.9, Radio Virus: Exploiting FM Radio Broadcasts for Malware Deployment , 2013, IEEE Transactions on Information Forensics and Security.

[45]  Wenke Lee,et al.  The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers , 2013, NDSS.

[46]  Julian Schütte,et al.  On the Effectiveness of Malware Protection on Android An evaluation of Android antivirus , 2013 .

[47]  Heng Yin,et al.  DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android , 2013, SecureComm.

[48]  Daniele Sgandurra,et al.  A Survey on Security for Mobile Devices , 2013, IEEE Communications Surveys & Tutorials.

[49]  Vijay Laxmi,et al.  AndroSimilar: robust statistical feature signature for Android malware detection , 2013, SIN.

[50]  Chun-Ying Huang,et al.  Performance Evaluation on Permission-Based Detection for Android Malware , 2013 .

[51]  L. Cavallaro,et al.  A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors , 2013 .

[52]  Xuxian Jiang,et al.  DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[53]  Annamalai Narayanan,et al.  AdDetect: Automated detection of Android ad libraries using semantic analysis , 2014, 2014 IEEE Ninth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP).

[54]  E. Ratazzi,et al.  A Systematic Security Evaluation of Android's Multi-User Framework , 2014, ArXiv.

[55]  Nicolas Christin,et al.  Evading android runtime analysis via sandbox detection , 2014, AsiaCCS.

[56]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[57]  René Rydhof Hansen,et al.  Formalisation and analysis of Dalvik bytecode , 2014, Sci. Comput. Program..

[58]  Yanick Fratantonio,et al.  ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors , 2014, 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS).

[59]  Juan E. Tapiador,et al.  Evolution, Detection and Analysis of Malware for Smart Devices , 2014, IEEE Communications Surveys & Tutorials.

[60]  XiaoFeng Wang,et al.  Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating , 2014, 2014 IEEE Symposium on Security and Privacy.

[61]  Yanick Fratantonio,et al.  Andrubis: Android Malware Under the Magnifying Glass , 2014 .

[62]  Edgar R. Weippl,et al.  Enter Sandbox: Android Sandbox Comparison , 2014, ArXiv.

[63]  Georgios Kambourakis,et al.  The best of both worlds: a framework for the synergistic operation of host and cloud anomaly-based IDS for smartphones , 2014, EuroSec '14.

[64]  Isil Dillig,et al.  Apposcopy: semantics-based detection of Android malware through static analysis , 2014, SIGSOFT FSE.

[65]  Jieqi Kang,et al.  Android-Based Visual Tag Detection for Visually Impaired Users: System Design and Testing , 2014, Int. J. E Health Medical Commun..

[66]  Sotiris Ioannidis,et al.  Rage against the virtual machine: hindering dynamic analysis of Android malware , 2014, EuroSec '14.

[67]  Muttukrishnan Rajarajan,et al.  Evaluation of Android Anti-malware Techniques against Dalvik Bytecode Obfuscation , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[68]  Eemil Lagerspetz,et al.  The company you keep: mobile malware infection rates and inexpensive risk indicators , 2013, WWW.

[69]  Mauro Conti,et al.  Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models , 2014, ESORICS.

[70]  Steve Mansfield-Devine Mobile security: it's all about behaviour , 2014, Netw. Secur..

[71]  이화영 X , 1960, Chinese Plants Names Index 2000-2009.

[72]  John B. Haviland Hey! , 2015, Top. Cogn. Sci..

[73]  Gorjan Alagic,et al.  #p , 2019, Quantum information & computation.