Hunting Droids from the Inside
This talk will be a survey of different potentially harmful applications (PHAs), botnets and malware campaigns on Android that we encountered in 2016. I’ll walk through a variety of different malicious apps, explain the malware authors’ objectives and the techniques they use in order to achieve those objectives. In addition to detecting and analyzing PHAs, we also actively shield users from them through platform enhancements. For example, by changing Android APIs to make them less prone to abuse, we render some of the potentially harmful APKs unusable and benign for users. In some cases, we’ve deprecated APIs or introduced new features, resulting in a significant drop in affected users. This is not only limited to providing protections from PHAs in the Google Play store, but also for any apps that users install on their phones. I will highlight a series of anti-abuse measures and present the positive impact it’s had on the ecosystem at large.