We present Apposcopy, a new semantics-based approach for
identifying a prevalent class of Android malware that steals
private user information. Apposcopy incorporates (i) a high-level
language for specifying signatures that describe semantic
characteristics of malware families and (ii) a static analysis
for deciding if a given application matches a malware
signature. The signature matching algorithm of Apposcopy
uses a combination of static taint analysis and a new form of
program representation called Inter-Component Call Graph
to efficiently detect Android applications that have certain
control- and data-flow properties. We have evaluated Apposcopy
on a corpus of real-world Android applications and
show that it can effectively and reliably pinpoint malicious
applications that belong to certain malware families.
More here: http://cs.stanford.edu/people/saswat/research/apposcopy.pdf