Bhan, R., Pamula, R., Kumar, K.S. et al. (4 more authors) (2025) DLCDroid an android apps analysis framework to analyse the dynamically loaded code. Scientific Reports, 15. 3292.
Abstract
To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DL-CDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools areill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid’s performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid’s functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © 2025 The Authors. This is an Open Access article distributed under the terms of the Creative Commons Attribution Licence (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
Keywords: | Dynamic Code; Reflection API; Android Malware; Application Security |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield) |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 30 Jan 2025 10:35 |
Last Modified: | 30 Jan 2025 10:35 |
Published Version: | https://doi.org/10.1038/s41598-025-88003-6 |
Status: | Published |
Publisher: | Springer Science and Business Media LLC |
Refereed: | Yes |
Identification Number: | 10.1038/s41598-025-88003-6 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:222386 |