Hunting Android Malware - A Novel Runtime Technique for Identifying Malicious Applications

Explore a novel runtime technique for identifying malicious Android applications in this 43-minute conference talk from TROOPERS18. Delve into Android malware, app protection strategies, and analysis techniques while examining existing Android defenses. Discover the speaker's frustrations with current methods and learn about the innovative "Zoolander" solution. Gain insights into instrumentation, static analysis challenges, and the use of Java Docs. Witness a live demonstration of the victim app, snapshot attestation API, and understand the motivations behind this approach. Examine the GitHub implementation and discuss potential weaknesses of this malware hunting technique.

Introduction
Agenda
Android Malware
How do I protect my app
Malware analysis techniques
Android defenses
What were my frustrations
Zoolander
The Solution
Instrumentation
Demonstration
Limitations
Static Analysis
Frustrations
Java Docs
Victim App
Snapshot
attestation API
why did I do it
how I did it
demo
GitHub
Weaknesses