DLCDroid an android apps analysis framework to analyse the dynamically loaded code

Abstract To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DLCDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniq...

Bibliographic Details
Main Authors: Rati Bhan, Rajendra Pamula, K Susheel Kumar, Nand Kumar Jyotish, Prasun Chandra Tripathi, Parvez Faruki, Jyoti Gajrani
Format: Article
Language: English
Published: Nature Portfolio 2025-01-01
Series: Scientific Reports
Subjects: Dynamic Code, Reflection API, Android Malware, Application Security
Online Access: https://doi.org/10.1038/s41598-025-88003-6
collection DOAJ
description Abstract To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DLCDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools are ill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid’s performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid’s functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.
format Article
id doaj-art-bb2eb59d81ff4c158324ab8e22baec70
institution Kabale University
issn 2045-2322
language English
publishDate 2025-01-01
publisher Nature Portfolio
record_format Article
series Scientific Reports
spelling doaj-art-bb2eb59d81ff4c158324ab8e22baec70; 2025-01-26T12:30:47Z; eng; Nature Portfolio; Scientific Reports; 2045-2322; 2025-01-01; 15; 1; 1; 16; 10.1038/s41598-025-88003-6
Author affiliations:
Rati Bhan (0): School of Computing Science and Engineering, Galgotias University
Rajendra Pamula (1): Department of Computer Science and Engineering, Indian Institute of Technology (ISM)
K Susheel Kumar (2): Department of Information Technology, Manipal Institute of Technology Bengaluru, Manipal Academy of Higher Education
Nand Kumar Jyotish (3): Department of Computer Science & Engineering, Birla Institute of Technology
Prasun Chandra Tripathi (4): Department of Electrical and Computer Science Engineering, Institute of Infrastructure Technology Research and Management
Parvez Faruki (5): Department of Technical Education, Govt. of Gujarat
Jyoti Gajrani (6): Department of Computer Science and Engineering, Engineering College Ajmer
title DLCDroid an android apps analysis framework to analyse the dynamically loaded code
topic Dynamic Code
Reflection API
Android Malware
Application Security
url https://doi.org/10.1038/s41598-025-88003-6