The official Google and Apple stores currently host millions of mobile apps, which are used by billions of users. In an ideal world, these users should be able to fully trust their devices and apps. However, the world we currently live in is affected by sophisticated malware that poses severe security risks. One of the most problematic classes of malware is evasive malware: malicious software written with the specific intent of evading current analysis systems, an aspect that makes its automatic detection an open research problem. The goal of my research is to secure mobile devices from evasive malware of the past, the present, and the future.
First, I tackled the problem of automatically detecting a well-known class of evasive malware that is historically considered one of the most problematic: logic bombs, subtle malicious functionality (such as a minor alteration of an app's logic) that is executed, or triggered, only under certain (often narrow) circumstances. Second, I focused on an emerging and understudied class of maliciousness, denial-of-service attacks: while malware affecting a system's integrity and confidentiality has received substantial attention from the research community, existing program analysis techniques are not suited to detecting malice that targets the system's availability, and such malice therefore often goes undetected. Third, I uncovered a new, previously unknown class of attacks that can abuse several features of a smartphone's UI: my work shows that these techniques are extremely powerful and stealthy even when attacking tech-savvy users, and thus constitute a potential next step for evasive malware samples of the future.