Android Anti-Virus Software Prone to Transformation Attacks

Security Week has an interesting article on Android anti-virus software. In summary, most Android anti-virus software relies on signature-based analysis that's easily fooled using simple obfuscation techniques. Obfuscation is more usually used by developers to hide source code from hackers, but hackers themselves can use it to transform code into new code that is less likely to be detected by today's anti-virus software.

The article is based on a paper by Northwestern University, "Evaluating Android Anti-malware against Transformation Attacks" (pdf). The authors advocate more research into ways of detecting malware on smartphones. Such methods might include heuristic static analysis of code, crowdsourcing/cluster analysis of apps' system calls, and analysis of app power consumption.