Android malware is a continuing problem in the Android ecosystem, even after 9 major Android releases. Android currently relies on implicit and explicit user participation to identify malicious applications, both on the Play Store and on devices.
Currently, multiple techniques exist to identify malware, such as code signatures, hashes, permission analysis and manual static analysis. These techniques rely on the premise that whoever or whatever performs the analysis has access to the Android application (APK). However, performing these analysis techniques on devices is resource-intensive, time-consuming and also dependent on access to the APK.
What if no access to the APK is required to identify whether an application is malicious? Currently, no capability exists to scan for malicious applications at runtime on Android devices; at best, there is static analysis of the application and its permissions. Additionally, there is the Android Attestation framework, which attempts to provide information on the state of the device but does not provide information on the state of running applications.
In this talk, Chris will explore a novel technique to identify malicious Android applications by analyzing the heap of Android applications at runtime. The identification and analysis of instantiated objects on an application's heap can be used to effectively identify applications that use and implement dangerous functionality, such as class loaders and other well-known objects that exhibit malicious behaviour.
Chris will also share how this technique was built and implemented on Android using Android awesomeness, and how it can be implemented by the operating system or third-party applications to effectively scan application memory for malicious behaviour.