Enter Sandbox: Android Sandbox Comparison

Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Edgar Weippl, Martin Mulazzani

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review


Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google's mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of static and dynamic code analysis platforms for analyzing Android applications and making decision regarding their maliciousness have been introduced in academia and in the commercial world. These platforms differ heavily in terms of feature support and application properties being analyzed. In this paper, we give an overview of the state-of-the-art dynamic code analysis platforms for Android and evaluate their effectiveness with samples from known malware corpora as well as known Android bugs like Master Key. Our results indicate a low level of diversity in analysis platforms resulting from code reuse that leaves the evaluated systems vulnerable to evasion. Furthermore the Master Key bugs could be exploited by malware to hide malicious behavior from the sandboxes.
Original languageEnglish
Title of host publicationProceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014
Publication statusPublished - 2014


  • Android
  • Malware
  • Dynamic Analysis
  • Sandbox evasion
  • Sandbox fingerprinting


Dive into the research topics of 'Enter Sandbox: Android Sandbox Comparison'. Together they form a unique fingerprint.

Cite this