We present sandbox mining, a technique to confine an application to resources accessed during automatic testing. Sandbox mining first explores software behavior by means of automatic test generation, and extracts the set of resources accessed during these tests. This set is then used as a sandbox, blocking access to resources not used during testing. The mined sandbox thus protects against behavior changes such as the activation of latent malware, infections, targeted attacks, or malicious updates.

The use of test generation makes sandbox mining a fully automatic process that can be run by vendors and end users alike. Our BOXMATE prototype requires less than one hour to extract a sandbox from an Android app, with few to no false alarms on frequently used functionality.

Watch BOXMATE explained in 3 minutes:

Watch Andreas Zeller present BOXMATE at the TCE conference:

Press releases


idw-online.de: With Boxmate malicious programs have no place left to hide
phys.org: With Boxmate malicious programs have no place left to hide


sr.de: Saar-Informatiker bremsen Schadsoftware aus
heise.de: Boxmate soll Schadprogrammen keine Chance geben

Source code

Source code of DroidMate and publicly shared parts of BOXMATE can be found on GitHub.

ICSE 2016 publication "Mining Sandboxes"

In our paper (click here to view), accepted for publication to ICSE 2016, we introduce the notion of sandbox mining. The anonymized experimental data used in the paper can be accessed here.

The data contains:

  • summaries and comparisons of our test generator (DroidMate) runs to human-written use cases, including the data on which API calls have been observed and when;
  • false positives observed during use case runs;
  • raw data points used to generate charts;
  • raw Android device logcat logs obtained from the device when conducting human-written use cases;
  • AppGuard API list.

MOBILESoft 2016 publication "DroidMate: A Robust and Extensible Test Generator for Android"

You can obtain our DroidMate test generator demonstration paper here.

Evaluated apps metadata is available here.

Vision paper

You can obtain our "Visions of 2025 and Beyond" white paper here.


I want to write malware. How can I stay in business?
With BOXMATE, you are in a "disclose or die" dilemma. Either you expose malicious behavior or your backdoor during mining, and then it becomes explicit for scrutiny and discussion; or you do not, and then the sandbox prevents it.

How about I ship a permissive sandbox with my malware?
BOXMATE users can safely assess your program and its sandbox before installation. See "How can I trust a supplied sandbox?", below.

I could craft and propagate an "official" rule that allows my attack.
Your rule would have to withstand public scrutiny, very much like patches to open source programs.

I am a user. I am getting a false alarm. What can I do?
Use an "official" sandbox provided by the trusted vendor. Or re-run BOXMATE to have your sandbox include the legitimate behavior.

How can I trust a supplied sandbox?
You can run BOXMATE yourself and compare; if the supplied sandbox allows more resource accesses than your sandbox, there should be a legitimate reason.

Does BOXMATE collect usage data?
BOXMATE is set to detect differences in program behavior, not usage behavior. It neither collects nor assesses nor characterizes program usage.

Does BOXMATE track information flow?
BOXMATE can enforce that specific parts of the output are identical to specific parts of the input, constraining data and its origins in a lightweight fashion.

How will BOXMATE ever get 100% coverage, say of exceptional behavior?
We only need to cover sensitive resource accesses, which is a small subset of behavior. "Benign" exceptional behavior would rarely access yet unseen sensitive resources—in contrast to backdoors, for instance.

How can I ensure the mined sandbox encompasses all legit behavior?
In case BOXMATE cannot discover some behavior, you can top the BOXMATE tests with your own set of extensive tests, and ship the mined sandbox with your program or upload it to the shared repository.

What if features are unlocked by passwords or purchases?
If the vendor does not provide a demo account or an official sandbox with all features, simply run BOXMATE again after unlocking.

Automatic learners for intrusion detection are hardly used in practice.
BOXMATE uses neither automated classifiers nor training on usage data or usage profiles: Using test generation, BOXMATE can systematically and automatically explore all normal program behavior well before production.

How can I protect my intellectual property?
By design, BOXMATE relies only on externally visible system interaction; the implementation can remain unchanged and arbitrarily obfuscated.