Many Android apps use sandbox-detection techniques, and here is an example. To make things worse, some malware uses sandbox-detection techniques to escape detection by automatic dynamic app testing services and attack only real users, according to a study by Kim, Mijoo, et al., 2016. As a result, three research questions can be raised:
- RQ1: What sandbox-detection techniques are applied in Android apps, and how and to what extent are they applied?
- RQ2: Is there a method capable of detecting such sandbox-detection techniques given a sample app?
- RQ3: Is there an app analysis solution undetectable by common sandbox-detection methods?
The goal of the Android sandbox detection and countermeasure project is to solve the problems mentioned above. This can be separated into finer stages:
- Investigating and collecting sandbox-detection techniques used in Android apps (especially malware), and implementing a sample app that uses those techniques.
- Implementing a detection-aware system.
- Implementing an undetectable system.