Malware Analysis and Detection in Android 15 Devices through Reverse Engineering Techniques
DOI:
https://doi.org/10.33936/isrtic.v10i1.8098
Keywords:
Android, malware, reverse engineering, static and dynamic analysis, MagisTV
Abstract
This article presents a case study on malware analysis and detection in Android devices, focusing on the IPTV application MagisTV running on Android 8 and Android 15. MagisTV was selected as the unit of analysis due to its widespread use, its request for sensitive permissions and its intensive, potentially abusive network traffic. A hybrid, reverse-engineering-guided approach is used, combining static analysis of the Manifest, components, native libraries and sensitive APIs with dynamic analysis of runtime behaviour under controlled usage scenarios: startup, login, menu navigation, video streaming, background use, forced close and restart, storage operations, persistence test and TLS interception attempts. The methodology relies on specialised tools (MobSF, Apktool, Androguard, JADX, ADB/logcat, monkey/UIAutomator, tcpdump, Wireshark and mitmproxy) and on the systematic capture of network traces and system events, preserving end-to-end traceability between code-level findings and observable behaviour. The results show that MagisTV exhibits a broad permission surface and complex architecture, but that in the tested scenarios it behaves as an IPTV client, without effective use of camera or microphone and without auto-start after reboot, while still maintaining continuous or intermittent communications depending on the Android version. The comparison between Android 8 and Android 15 highlights differences in observability linked to platform hardening, particularly in storage access and background execution. The study underscores the importance of integrating static and dynamic evidence and of explicitly considering the Android version as contextual information for explainable detection and for the design of educational labs in mobile malware analysis.
License
Copyright (c) 2026 Anthony Alexander Contreras Espinoza, Joofre Antonio Honores Tapia, Milton Rafael Valarezo Pardo, Tania Yesminia Contreras Alonso

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Articles submitted to this journal for publication will be released for open access under a Creative Commons Attribution Non-Commercial No Derivative Works licence (http://creativecommons.org/licenses/by-nc-nd/4.0).
The authors retain copyright, and are therefore free to share, copy, distribute, perform and publicly communicate the work under the following conditions: Acknowledge credit for the work specified by the author and indicate if changes were made (you may do so in any reasonable way, but not in a way that suggests that the author endorses your use of his or her work). Do not use the work for commercial purposes. In case of remixing, transformation or development, the modified material may not be distributed.

