Abstract

The runtime system for the Android platform has changed to ART. ART differs from previously used Dalvik in that it is to be a runtime environment for the application’s machine code. As a result, ART does not execute Dalvik bytecode through an interpreter but executes the machine code itself, leading to high performance and many other benefits. This change in runtime system also has many implications for mobile security. While we can anticipate with certainty the resurgence of modified malicious activity or malicious applications previously used with Dalvik or the emergence of completely new structures of malicious techniques, we can no longer ascertain the feasibility of the analysis techniques and analysis tools used against these malicious applications that operated in Dalvik. To combat future potential malicious techniques for ART, we must first have a clear understanding of ART and, with this foundation, to effectively and accurately utilize the correct analysis technique. Thus, this paper serves to introduce an analysis on the operating method and architecture of ART and, based on this information, address the executable feasibility of the analysis techniques in ART. Furthermore, we present the test results of running these analysis tools and techniques in ART.