Dynaldroid: A system for automated dynamic analysis of Android applications

Android is an extensively used mobile platform and with evolution it has also witnessed an increased influx of malicious applications in its market place. Availability of multiple sources for downloading applications has aided the malware developers by increasing the consumer base for their applications. This has caused users falling victim to malicious applications. A major hindrance in blocking the entry of malicious applications into the Android market place is scarcity of effective mechanisms to detect malicious applications. Static analysis of an Android application gives a good idea as to what the application is capable of, but it´s effectiveness decreases if the application is obfuscated. Dynamic analysis of an Android application shows the true behavior of the application during execution. Thus dynamic analysis is more useful in uncovering the threats that the user has from an application. The contribution of this work includes automation of Android application execution on an emulator to facilitate dynamic analysis of the application. Based on information collected during dynamic analysis of malware samples, we derived a set of patterns which indicate the occurrence of malicious activity. These patterns allowed us to develop `Dynanlroid´, a dynamic analysis tool for detecting a set of malicious actions performed by Android applications. The network activity carried out by the application is also analyzed by the Dynaldroid.