Many Android apps are using sandbox-detection techniques, and here is an example. To make things worse, there are malware using the sandbox-detection techniques in order to escape from being detected by automatic dynamic app testing services and attack real users only, according to a study from Kim, Mijoo, et al., 2016. As a result, three research questions can be raised:

  1. RQ1: What sandbox-detection techniques are applied in Android apps, and how and to what extent are they applied?
  2. RQ2: Is there a method capable of detecting such sandbox-detection techniques given a sample app?
  3. RQ3: Is there an app analysis solution undetectable by common sandbox-detection methods?

The goal of the Android sandbox detection and countermeasure project is solving the problems mentioned above. This can be separated into finer stages:

  1. Investigating and collecting sandbox-detection techniques used in Android app (especially malware), and implementing a sample app using those techniques.
  2. Implementing a detection-aware system.
  3. Implementing an undetectable system.



Ziyue Yang


  • Yuanchun Li