• DocumentCode
    111505
  • Title

    Android Security: A Survey of Issues, Malware Penetration, and Defenses

  • Author

    Faruki, Parvez ; Bharmal, Ammar ; Laxmi, Vijay ; Ganmoor, Vijay ; Gaur, Manoj Singh ; Conti, Mauro ; Rajarajan, Muttukrishnan

  • Author_Institution
    Comput. Eng. Dept., Malaviya Nat. Inst. of Technol. (MNIT), Jaipur, India
  • Volume
    17
  • Issue
    2
  • fYear
    2015
  • fDate
    Secondquarter 2015
  • Firstpage
    998
  • Lastpage
    1022
  • Abstract
    Smartphones have become pervasive due to the availability of office applications, Internet, games, vehicle guidance using location-based services apart from conventional services such as voice calls, SMSes, and multimedia services. Android devices have gained huge market share due to the open architecture of Android and the popularity of its application programming interface (APIs) in the developer community. Increased popularity of the Android devices and associated monetary benefits attracted the malware developers, resulting in big rise of the Android malware apps between 2010 and 2014. Academic researchers and commercial antimalware companies have realized that the conventional signature-based and static analysis methods are vulnerable. In particular, the prevalent stealth techniques, such as encryption, code transformation, and environment-aware approaches, are capable of generating variants of known malware. This has led to the use of behavior-, anomaly-, and dynamic-analysis-based methods. Since a single approach may be ineffective against the advanced techniques, multiple complementary approaches can be used in tandem for effective malware detection. The existing reviews extensively cover the smartphone OS security. However, we believe that the security of Android, with particular focus on malware growth, study of antianalysis techniques, and existing detection methodologies, needs an extensive coverage. In this survey, we discuss the Android security enforcement mechanisms, threats to the existing security enforcements and related issues, malware growth timeline between 2010 and 2014, and stealth techniques employed by the malware authors, in addition to the existing detection methods. This review gives an insight into the strengths and shortcomings of the known research methodologies and provides a platform, to the researchers and practitioners, toward proposing the next-generation Android security, analysis, and malware detection techniques.
  • Keywords
    Android (operating system); application program interfaces; invasive software; mobile computing; program diagnostics; smart phones; API; Android device; Android malware application; Internet; SMS; application programming interface; dynamic-analysis-based method; location-based service; malware detection techniques; malware penetration; multimedia services; next-generation Android security enforcement mechanism; office application; prevalent stealth techniques; signature-based analysis method; smartphone OS security; static analysis method; static analysis methods; vehicle guidance; voice call; Androids; Google; Humanoid robots; Malware; Smart phones; Tutorials; Android Malware; Android malware; Behavioral Analysis; Dynamic Analysis; Obfuscation; Static Analysis; Stealth Malwar; behavioral analysis; dynamic analysis; obfuscation; static analysis; stealth malware;
  • fLanguage
    English
  • Journal_Title
    Communications Surveys & Tutorials, IEEE
  • Publisher
    ieee
  • ISSN
    1553-877X
  • Type

    jour

  • DOI
    10.1109/COMST.2014.2386139
  • Filename
    6999911
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=111505