Abstract:
Due to the openness of the Android system and the diversity of third-party application markets, the Android system has achieved a high market share while also bringing huge risks. As a result, Android malware emerges endlessly and spreads widely, seriously threatening users' privacy and economic security. How to detect Android malware effectively has received wide attention from researchers. According to whether the application is executed or not, existing malware detection methods are divided into static detection and dynamic detection. Of the two, static detection methods outperform dynamic detection methods in terms of efficiency and code coverage, and Drebin and other static detection tools have been widely used. We systematically review the research progress in the field of static Android malware detection. First, the static features of Android applications are introduced. Then, according to the static features used for detecting Android malware, static Android malware detection methods are classified into three categories: permission-based, application programming interface (API)-based, and opcode-based approaches. The Android application data sets and the indicators commonly used to evaluate the detection performance of Android malware are also summarized. Finally, potential future research directions for static Android malware detection techniques are discussed, providing a reference for researchers in related directions.