An Open and Automated Android Behavior Monitor in Cloud

Abstract

For security and privacy considerations, it is important for Android users to understand the behavior and the risk of an application. Although Google claims that new applications available on the official market have passed their security checks, the open design of the Android system still allows a user to install applications for third party vendors. Therefore, there is still a demand for users to know more about an unknown application. In this paper, we discussed our experiences on setting up a scalable automated Android behavior monitor using virtualization techniques. Our contribution is two-fold: (1) We design and implement a scalable behavior monitor using both dynamic analysis and static analysis techniques; and (2) Based on parts of the analyzed results, we develop a preliminary filter to distinguish benign and malicious applications. The system is open to the public and we expect that the analyzed results can be fed back to the research community and further stimulate more studies on analyzing malicious Android applications.