For generating these signatures, malware needs to be analysed for identifying significant and meaningful patterns that should be unique to the malware and its relatives
1
. But not only signaturegeneration requires analysis; in order to disinfect a system, the behaviour of the malware needs to be understood for being able to undo critical changes. For doing so, sandboxes can be used, which guarantees an almost realistic execution of suspicious binaries in an isolated environment. Such sandboxes are known in the domain of stationary computers, e.g. CWSandbox [34] or Java sandboxes [12], but especially smartphone platforms lack such kind of analysing software
2
. This raises concerns since smartphones have already faced a wave of malware [31, 28] and it can be expected that new malware will emerge for popular platforms, like iPhone
3
or Android
4
. In this case, analyzing capabilities are left to a few people within anti-virus companies. This would not be that concerning but Oberheide et al. [23] showed that the average time for receiving a signature for a new malware is about 48 days. This in turn means that users with infected system need to wait 48 days until they have a chance to disinfect it, leaving the window of opportunity very wide open for new malware.