{"title":"DLCDroid an android apps analysis framework to analyse the dynamically loaded code.","authors":"Rati Bhan, Rajendra Pamula, K Susheel Kumar, Nand Kumar Jyotish, Prasun Chandra Tripathi, Parvez Faruki, Jyoti Gajrani","doi":"10.1038/s41598-025-88003-6","DOIUrl":null,"url":null,"abstract":"<p><p>To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DL-CDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools areill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid's performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid's functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.</p>","PeriodicalId":21811,"journal":{"name":"Scientific Reports","volume":"15 1","pages":"3292"},"PeriodicalIF":3.9000,"publicationDate":"2025-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11770144/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Scientific Reports","FirstCategoryId":"103","ListUrlMain":"https://doi.org/10.1038/s41598-025-88003-6","RegionNum":2,"RegionCategory":"综合性期刊","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"MULTIDISCIPLINARY SCIENCES","Score":null,"Total":0}
引用次数: 0
Abstract
To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DL-CDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools areill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid's performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid's functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.
期刊介绍:
We publish original research from all areas of the natural sciences, psychology, medicine and engineering. You can learn more about what we publish by browsing our specific scientific subject areas below or explore Scientific Reports by browsing all articles and collections.
Scientific Reports has a 2-year impact factor: 4.380 (2021), and is the 6th most-cited journal in the world, with more than 540,000 citations in 2020 (Clarivate Analytics, 2021).
•Engineering
Engineering covers all aspects of engineering, technology, and applied science. It plays a crucial role in the development of technologies to address some of the world''s biggest challenges, helping to save lives and improve the way we live.
•Physical sciences
Physical sciences are those academic disciplines that aim to uncover the underlying laws of nature — often written in the language of mathematics. It is a collective term for areas of study including astronomy, chemistry, materials science and physics.
•Earth and environmental sciences
Earth and environmental sciences cover all aspects of Earth and planetary science and broadly encompass solid Earth processes, surface and atmospheric dynamics, Earth system history, climate and climate change, marine and freshwater systems, and ecology. It also considers the interactions between humans and these systems.
•Biological sciences
Biological sciences encompass all the divisions of natural sciences examining various aspects of vital processes. The concept includes anatomy, physiology, cell biology, biochemistry and biophysics, and covers all organisms from microorganisms, animals to plants.
•Health sciences
The health sciences study health, disease and healthcare. This field of study aims to develop knowledge, interventions and technology for use in healthcare to improve the treatment of patients.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
