AspectDroid: Android App Analysis System

Abstract

The growing threat to user privacy related to Android applications (apps) has tremendously increased the need for more reliable and accessible app analysis systems. This paper presents AspectDroid, an application-level system designed to investigate Android applications for possible unwanted activities. AspectDroid is comprised of app instrumentation, automated testing and containment systems. By using static bytecode instrumentation, The growing threat to user privacy related to Android applications (apps) has tremendously increased the need for more reliable and accessible app analysis systems. This paper presents AspectDroid, an application-level system designed to investigate Android applications for possible unwanted activities. AspectDroid is comprised of app instrumentation, automated testing and containment systems. By using static bytecode instrumentation, AspectDroid weaves monitoring code into an existing application and provides data flow and sensitive API usage as well as dynamic instrumentation capabilities. The newly repackaged app is then executed either manually or via an automated testing module. Finally, the flexible containment provided by AspectDroid adds a layer of protection so that malicious activities can be prevented from affecting other devices. The accuracy score of AspectDroid when tested on 105 DroidBench corpus shows it can detect tagged data with 95.29\%. We further tested our system on 100 real malware families from the Drebin dataset \cite{drebin2014}. The result of our analysis showed AspectDroid incurs approximately 1MB average total memory size overhead and 5.9\% average increase in CPU-usage.