Proceedings 2018 Network and Distributed System Security Symposium 2018
DOI: 10.14722/ndss.2018.23296
|View full text |Cite
|
Sign up to set email alerts
|

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Abstract: Abstract-The prevalent usage of runtime packers has complicated Android malware analysis, as both legitimate and malicious apps are leveraging packing mechanisms to protect themselves against reverse engineer. Although recent efforts have been made to analyze particular packing techniques, little has been done to study the unique characteristics of Android packers. In this paper, we report the first systematic study on mainstream Android packers, in an attempt to understand their security implications. For thi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
36
0

Year Published

2018
2018
2020
2020

Publication Types

Select...
5
3

Relationship

1
7

Authors

Journals

citations
Cited by 65 publications
(36 citation statements)
references
References 20 publications
0
36
0
Order By: Relevance
“…Furthermore, as to be evaluated in Sec. III-C3, our crowdsourcing is much more effective in terms of port discovery than typical Android static analysis, which cannot handle dynamic code loading [65], [67], complex implicit flows [43], [66], and advanced code obfuscation [46], [78].…”
Section: Discovery Via Crowdsourcingmentioning
confidence: 99%
See 1 more Smart Citation
“…Furthermore, as to be evaluated in Sec. III-C3, our crowdsourcing is much more effective in terms of port discovery than typical Android static analysis, which cannot handle dynamic code loading [65], [67], complex implicit flows [43], [66], and advanced code obfuscation [46], [78].…”
Section: Discovery Via Crowdsourcingmentioning
confidence: 99%
“…They identified potential open ports in 6.8% of the top 24,000 Android apps, among which around 400 apps were likely vulnerable and 57 were manually confirmed. Nevertheless, OPAnalyzer still suffers from the inherent limitation of static analysis (i.e., the code detected might not execute) and the incapability of typical Android static analysis to handle dynamic code loading [65], [67], complex implicit flows [43], [66], and advanced code obfuscation [46], [78]. Moreover, the focus of OPAnalyzer is about detecting permission-misuserelated vulnerabilities in TCP open ports (via pre-selected sink APIs), while the entire picture of open ports in the Android ecosystem is still largely unexplored.…”
Section: Introductionmentioning
confidence: 99%
“…These tools may operate at different levels, e.g., Java code level, Dex bytecode level and native code level. Native code level protection is much stronger than Java-level protection, thus state-of-the-art commercial packers utilize native code obfuscation to increase the complexity of reverse engineering [33]. As a side effect, Android malware also take advantage of native code obfuscation to evade detection.…”
Section: Android App Obfuscationmentioning
confidence: 99%
“…Nevertheless, five years after Aafer et al's publication, the mentioned evasion techniques, reflection, native code, encryption, dynamic loading are widely used by malware. Even benign applications now use packers that use these techniques to protect their code [6].…”
Section: Designing An Experimentsmentioning
confidence: 99%