Skip to main content

Studying the Android Malware Ecosystem

Researcher: Nicolas Christin

Research Area: Mobility

Cross Cutting Thrusts: Software Security


Application marketplaces are the main software distribution mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for personal computers. While most application marketplaces require applications to be cryptographically signed by their developers, in Android marketplaces, self-signed certificates are common, thereby offering very limited authentication properties. As a result, there have been reports of malware being distributed through application "repackaging." We have conducted a comprehensive measurement study of application packaging in alternative marketplaces, and are currently in the process of developing tools to automatically analyze Android applications in a sandboxed environment. We have also provided some guidelines for forensic analysis of Android devices.

Outcomes: We are publishing academic papers on the subject, and expect to make our Android application analyzer public shortly.