CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

• Published in: Financial Cryptography and Data Security Vol. 9603; pp. 231 - 249
• Main Authors: Carter, Patrick, Mulliner, Collin, Lindorfer, Martina, Robertson, William, Kirda, Engin
• Format: Book Chapter
• Language: English
• Published: Germany Springer Berlin / Heidelberg 2017; Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: Android; Dynamic analysis; User Interface Analysis
• ISBN: 3662549697; 9783662549698
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-662-54970-4_13

Mobile computing has experienced enormous growth in market share and computational power in recent years. As a result, mobile malware is becoming more sophisticated and more prevalent, leading to research into dynamic sandboxes as a widespread approach for detecting malicious applications. However, the event-driven nature of Android applications renders critical the capability to automatically generate deterministic and intelligent user interactions to drive analysis subjects and improve code coverage. In this paper, we present CuriousDroid, an automated system for exercising Android application user interfaces in an intelligent, user-like manner. CuriousDroid operates by decomposing application user interfaces on-the-fly and creating a context-based model for interactions that is tailored to the current user layout. We integrated CuriousDroid with Andrubis, a well-known Android sandbox, and conducted a large-scale evaluation of 38,872 applications taken from different data sets. Our evaluation demonstrates significant improvements in both end-to-end sample classification as well as increases in the raw number of elicited behaviors at runtime.