1. Grace. M, Zhou. Y, Shilong. Z, Jiang. X

2.  RiskRanker analyses the paths within an android application  Potentially malicious security risks are flagged for investigation

3.  This application showcases how reverse engineering  Allows fast analysis code paths

4. “The system also needs to be … accurate enough to not miss malicious apps” This application casts three well documented and small nets  Allows 8.95% positive rate on zero-day flags  Allows malware authors to very easily avoid detection

5.  Ignores all execution paths resulting from UI callbacks  “Similarly, malware is un-likely to do so via such a callback handler – as such handlers are triggered by user interaction”  UI callbacks have been abused by malicious software for decades (i.e. browser popups)

6.  Focuses on non-dynamic reflection - “It is possible to ignore a large number of reflection calls, as many such calls use constant arguments in practice”  Dynamic adding of malicious code will remain undetected.

7.  Only forward execution paths are investigated, any ‘unreachable code’ is therefore ignored.  This code could be accessed by changing values in other threads (admitted by the author)  It could also be accessed through dynamic reflection

8.  Requires that malicious native code is stored (against best practice) within res or assets directory.  Requires that encrypted malicious code uses the native encrypt/decrypt functions  This check found only one type of malware

9.  If you built detection software, would publish the design?

10.  3,281 apps flagged (718 true positive’s)  11 undiscovered malware versions “families”  18 total malicious ‘samples’  ?,??? Undiscovered malware families  A family is a version of a given malware (5 of the 11 were just versions of ‘DroidKungFu’)