"Do You Want to Install an Update of This Application?" A Rigorous Analysis of Updated Android Applications

Attackers have been searching for security vulnerabilities in Android applications to exploit. One of these security vulnerabilities is that Android applications could load codes at runtime. This helps attackers to avoid being detected by static analysis tools. In this study, we have done a rigorous analysis to see how attackers employ updating techniques in order to exploit this vulnerability, and to assess the security risks of applications using these techniques in the markets. A comprehensive analysis is carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Both static and dynamic analysis techniques are employed to monitor malicious activities in such applications. As a result, we found 70 new malicious applications from Google Play. Our work is the first study which monitors updating behaviours of applications during their execution. This analysis allows us to analyse suspicious applications deeply and to develop better security solutions.