
Unraveling reflection induced sensitive leaks in android apps

Conti M.
2018

Abstract

Reflection is a programming language feature that permits analysis and transformation of the behavior of classes at runtime, in programs in general and in apps in particular. It facilitates features such as dynamic class loading, method invocation, and attribute usage at runtime. These language features allow the development of apps that obtain and exchange information that is unavailable at compile time. Unfortunately, malware authors leverage reflection to subvert malware detection by static analyzers, because reflection can hinder the taint analysis that static analyzers use to find sensitive leaks. Even the latest, and probably the best-performing, static analyzers are not able to detect information leaks in malware that occur via reflection. In this paper, we propose EspyDroid, a system that combines dynamic analysis with code instrumentation for more precise detection of leaks in malicious apps via reflection with code obfuscation. The evaluation of EspyDroid on the benchmark, VirusShare, and Play Store apps shows substantial improvement in the detection of sensitive leaks via reflection.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
978-3-319-76686-7
978-3-319-76687-4

Use this identifier to cite or link to this document: https://hdl.handle.net/11577/3506490