A Proposal for Addressing Security Issues Related to Dynamic Code Loading on Android Platform

One of the constant challenges faced by the Android community, when it comes to the safety of the end users, is the ability of applications to load codedynamically. This mechanism may be used for both legitimate and malicious purposes. A particular problem is the fact that remote code is not analyzedduring the verification process because it doesn’t have to be present in the application package at the publishing time. Previous research has shown thatusing this concept in an insecure way can cause serious consequences for the user and his device. Solving this problem has proved to be a big challengethat many have tried to address in different ways. This paper deals with the problem of dynamic code loading on Android platform. For the purpose of thispaper, an application that demonstrates the abuse of the dynamic code loading concept has been developed and published in the Google Play Store. Also,a proposal of the modified Android ecosystem that should address this problem and improve the security of the whole platform is given.