PANDORA applies non-deterministic obfuscation randomly to Android

Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of code obfuscation for the purposes of plagiarized software and malware diversification. Within the scope of this work, the PANDORA (PANDORA Applies Non-Deterministic Obfuscation Randomly to Android) transformation system for Android bytecode was designed and implemented, combining techniques for data and object-oriented design obfuscation. Our evaluation results indicate deficiencies of the malware detection engines currently used in 46 popular antivirus products, which in most cases were not able to detect samples obfuscated with PANDORA. Furthermore, this paper reveals shortcomings of the Androsim tool and potentially other static software similarity algorithms, recently proposed to address the piracy problem in Android.