Threat Category: Malicious or privacy-invasive application
Threat Description: App vetting methods designed to detect malicious code are complicated by various code obfuscation techniques such as sandbox detection, encryption, and dead code (malicious functions unreachable by normal program execution). As a result, a malicious app subjected to app vetting may appear free of harmful code and safe to publish or distribute.
Dissecting Android Malware: Characterization and Evolution 1
Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
Use app-vetting tools or services to identify untrusted apps that contain encrypted or obfuscated code.
Use application threat intelligence data about apps that contain encrypted or obfuscated codeMobile Device User
Use Android Verify Apps feature to identify potentially harmful apps.Mobile App Developer
To mitigate your app being detected as potentially malicious, do not arbitrarily encrypt or obfuscate code.
Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016] ↩