Presenter: Simon Althaus, University of Darmstadt
Date: 10 April 2024

Smartphones are ever-present in our daily lives and handle a wealth of sensitive information like text messages and photos. Malicious applications can obtain access to such data and leak them to third parties with potentially grave consequences (i.e., theft, blackmail, etc.). Therefore, the study of malware, with the goal of identifying such malicious applications, has attracted significant research interest in recent years, especially focusing on Android applications. Malware research based on a combination of static and dynamic approaches has been shown to be effective in identifying a range of typical malware types like example keyloggers and ransomware. Moreover, it has been shown that applications that are not malware in the traditional sense, e.g. social networking applications or even over-privileged system applications, might leak significant amounts of data without user consent or notification. Therefore, this talk will provide an overview of trends in research regarding static and dynamic analysis for Android applications with the goal of identifying such malicious or information-leaking behaviors. We will discuss different approaches based on taint analysis, system call analysis, provenance tracking, network traffic analysis and more. The talk will also cover the extended Berkeley Packet Filter (eBPF) and how it can be useful for tracing and dynamic analysis.

Short bio: Simon Althaus is a Research Associate at the Telecooperation Lab at Technical University of Darmstadt. He obtained a MSc degree from Technical University of Darmstadt working on botnets. Simon is currently researching in the field of Android security. His research interests include dynamic analysis, eBPF, provenance tracking, and privacy-enhancing technologies.