Android Security Open Problems

by Luke Deshotels

1. Repackaging

1.1. Detecting Piggybacked Code

2. Dynamic Analysis

2.1. Sandbox

2.1.1. Droidbox

2.2. Real-time Monitoring

2.2.1. Taintdroid

2.2.2. Aurasium

2.3. Input Generation

2.3.1. Dynodroid

2.3.1.1. Game Based Malware

2.3.2. Monkey

2.4. Mobile Specific Features

2.4.1. Battery consumption

2.4.2. Data Usage

2.5. Crowdsourcing

2.5.1. Crowdroid

2.6. Open Problems

2.6.1. Bouncer

3. Static Analysis

3.1. Class Dependence

3.1.1. Graph Centrality

3.2. Component Count

3.3. Permissions

3.4. Data Flow

3.4.1. User-Centric Analysis

3.5. Control Flow

3.6. Opcodes

3.6.1. DroidMoss

3.7. Imported Packages

3.8. Market Data

3.9. Analyzing Native Code

3.10. Tools

3.10.1. DroidMat

3.10.2. Androguard

3.11. Open problems?

3.11.1. Hard to separate malicious code from benign

3.11.2. Malware Provenance and Phylogeny

3.11.3. Poor Application Verification

3.11.3.1. Weak Default App Scanner

3.11.3.2. Limitted AV Products

3.11.3.2.1. Anti-malware against Transformation Attacks

3.11.3.3. Partial Solutions

3.11.3.3.1. Acquiring VirusTotal

3.11.3.3.2. Private App Channels

3.11.4. obfuscation

3.11.5. dynamic code loading

3.11.6. limitted availability of tools

4. Mobile Botnets

4.1. Epidemic Spread

4.2. Attacking Network Services

4.3. Evasive and Robust P.O.C.

4.4. Tracking Uninfected Devices

5. User Education

5.1. Ignoring Permissions

5.2. Phishing

5.3. Improperly Rooting Devices

5.4. Alternative Markets

6. Browser Attacks

6.1. Phishing

6.2. Click Through

7. Easy to Reverse Engineer Apps

7.1. Adjacking

7.2. Loss of Intellectual Property

7.3. Tools

7.3.1. Apktool

7.3.2. Dex2Jar

7.3.3. Dexdump

8. Android Forensics

8.1. Hiding Data

8.2. Data Mining Personal Information

8.3. Physical Access Attacks

8.3.1. password cracking

8.3.1.1. smudge detection

8.3.1.2. brute force

8.3.1.3. bypass

8.3.2. access data on RAM

8.3.2.1. FROST

8.3.3. survey of attacks

9. Malicious Applications

9.1. Rooting Exploits

9.2. SMS Fraud

9.3. Rapid Malware Production

9.3.1. Defeats Signature Based Detection

9.3.2. Malware Phylogeny Could Fight This

9.4. False Notification Attacks

9.5. Response to Malware Detection

9.5.1. Remote Revocation

9.6. Survey of Android Malware

10. Baseband Attacks

11. Comprehensive Analysis Tools

11.1. Andrubis

11.2. DroidRanger

12. Resources for Understanding Android Security

12.1. Permissions

12.2. Google's Dev Site

13. Triage

13.1. Market-scale Mobile Malware Analysis