Real-time Detection of Passive Backdoor Behaviors on Android System

2018 
Backdoors in legitimate applications allow attackers to obtain users’ private information and carry out remote attacks without downloading any malicious files onto the target device. However, some passive backdoor behaviors closely resemble normal behaviors and are difficult for users and most malicious-behavior detection systems on Android to detect. In this paper, we design and implement BDfinder, an easy-to-deploy, dynamic passive backdoor detection system that detects and visualizes backdoor behaviors in real time. We evaluate the performance of BDfinder on more than 1800 apps from Google Play and Xiaomi Market. Our experimental results show that BDfinder not only detects common backdoor behaviors but also finds undiscovered vulnerabilities. In addition, we propose a simple and safe defense solution based on a public key cryptosystem to reduce the malicious use of passive backdoors by attackers. It ensures that even an attacker with the maximum reverse-engineering capability for Android applications cannot maliciously make use of the passive backdoors.