AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors

Abstract

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype aside, the amount of new Android malware variants is increasing. This trend is mainly due to the fact that, as it happened with traditional malware, the authors are striving to repackage, obfuscate, or otherwise transform the executable code of their malicious apps in order to evade mobile security apps. There are about 85 of these apps only on the official marketplace. However, it is not clear how effective they are. Indeed, the sandboxing mechanism of Android does not allow (security) apps to audit other apps. We present AndroTotal, a publicly available tool, malware repository and research framework that aims at mitigating the above challenges, and allow researchers to automatically scan Android apps against an arbitrary set of malware detectors. We implemented AndroTotal and released it to the research community in April 2013. So far, we collected 18,758 distinct submitted samples and received the attention of several research groups (1,000 distinct accounts), who integrated their malware-analysis services with ours.

Publication
Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices
Location
New York, NY, USA

Related