Enter Sandbox: Android Sandbox Comparison


Sebastian Neuner, Victor Van Der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, Edgar Weippl


Proceedings of the 3rd IEEE Mobile Security Technologies Workshop (MoST), May 2014


Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google’s mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of static and dynamic code analysis platforms for analyzing Android applications and making decisions regarding their maliciousness have been introduced in academia and in the commercial world. These platforms differ heavily in terms of feature support and application properties being analyzed. In this paper, we give an overview of the state-of-the-art dynamic code analysis platforms for Android and evaluate their effectiveness with samples from known malware corpora as well as known Android bugs like Master Key. Our results indicate a low level of diversity in analysis platforms resulting from code reuse that leaves the evaluated systems vulnerable to evasion. Furthermore, the Master Key bugs could be exploited by malware to hide malicious behavior from the sandboxes.


  title     = {{Enter Sandbox: Android Sandbox Comparison}},
  author    = {Neuner, Sebastian and Van Der Veen, Victor and Lindorfer, Martina and Huber, Markus and Merzdovnik, Georg and Mulazzani, Martin and Weippl, Edgar},
  booktitle = {Proceedings of the 3rd IEEE Mobile Security Technologies Workshop},
  series    = {MoST},
  month     = {May},
  year      = {2014},
  address   = {San Jose, CA}