Android’s Cat-and-Mouse Game: Understanding Evasion Techniques against Dynamic Analysis

Android’s Cat-and-Mouse Game: Understanding Evasion Techniques against Dynamic Analysis

연구 분야: Analysis

학회: 2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE)

The Android OS, known for its openness and flexibility, dominates the global smartphone market, enabling the creation and distribution of a vast array of apps. However, this openness also attracts malicious apps that threaten user security. To counter these threats, static and dynamic analysis techniques are employed. Despite these efforts, evasion techniques such as code obfuscation and anti-debugging are increasingly used to bypass these analyses.In this study, we conduct a comprehensive review of current evasion and anti-evasion techniques and assess their real-world impact by analyzing 108,099 benign apps, 11,730 malicious apps, and 11 online dynamic analysis platforms. Our findings reveal that 68.1% of apps employ evasion techniques, with benign apps using them more frequently than malicious ones. Malicious apps, however, demonstrate more cautious behaviors when evading dynamic analysis. Additionally, our evaluation of dynamic analysis platforms shows that most evasion techniques, including simple methods like checking fields in the Build class, successfully evade detection, indicating a significant gap in current anti-evasion capabilities. Our research provides critical insights into the ongoing battle between Android app security and evasion techniques, underscoring the need for improved countermeasures to enhance user security.