
APKInspector - Static Analysis of Android Applications

APKInspector - Static Analysis of Android Applications. Student: Yuan Tian. Mentor: Cong Zheng. Backup Mentor: Anthony  Kara Jianwei. 08/22/2012. Introduction. Background of Android Security. APKInspector - Overview - Features - Demo. Background. Android Security Scheme.


Presentation Transcript


  1. APKInspector - Static Analysis of Android Applications
     • Student: Yuan Tian
     • Mentor: Cong Zheng
     • Backup Mentor: Anthony  Kara Jianwei
     • 08/22/2012

  2. Introduction
     • Background of Android Security
     • APKInspector
       - Overview
       - Features
       - Demo

  3. Background

  4. Android Security Scheme
     • Linux process sandbox
     • Permission-based component interaction
     • Permission labels defined in AndroidManifest.xml
     • Applications need to be signed
     • Install-time security decisions

  5. Permissions
     • Normal
       - android.permission.VIBRATE
       - com.android.alarm.permission.SET_ALARM
     • Dangerous
       - android.permission.SEND_SMS
       - android.permission.CALL_PHONE
     • Signature
       - android.permission.FORCE_STOP_PACKAGES
       - android.permission.INJECT_EVENTS
     • SignatureOrSystem
       - android.permission.ACCESS_USB
       - android.permission.SET_TIME

  6. Component Interaction
     • Intents: IPC
     • AndroidManifest.xml: Application’s policy file
     • Component
       - Activity: Define screens
       - Service: Background processing
       - Broadcast Receiver: Mailbox for messages from other applications
       - Content Provider: Relational database for sharing information

  7. Application Signature
     • Applications are self-signed; no CA required
     • Signatures define persistence
       - Detect if the application has changed
       - Application update
     • Signatures define authorship
       - Establish trust between applications
       - Run in same Linux ID

  8. Malware Type
     • Abuse of Telephony Services
     • Root Exploitation
     • Sensitive Information Exposure
     • Package Repacking
     • Update attack

  9. Analysis Techniques
     • Ded
     • smali/baksmali
     • Apktool
     • androguard

  10. APKInspector Overview
     • Integrates the previous static analysis tools and provides graphical features that make malware analysis more convenient
     • Features:
       - CFG
       - Call Graph
       - Static Instrumentation
       - Permission Analysis
       - Dalvik code
       - Smali code
       - Java code
       - APK Information

  11. Improved Features
     • Improvement of UI
     • Addition of more features to assist the analysis of malware
     • Bug Fix
     • Easy to use
     • Powerful Analysis
     • Flexible

  12. UI Improvement
     • Automatic installation
     • Fine-grained Graph View to Source View
     • Call Graph
     • Navigation
     • Better display of Control Flow Graph

  13. New Analysis Features
     • Reverse the Code with Ded for Java Analysis
     • Static Instrumentation
     • Combine Permission Analysis
     • Add Support for odex

  14. Bug Fix

  15. Usage of APKInspector
     • Installation with Shell Script
     • Analysis of APK

  16. Usage of APKInspector
     • Filtering of malicious behavior by permission analysis

  17. Usage of APKInspector
     • Smali code

  18. Usage of APKInspector
     • Static Code Instrumentation

  19. Usage of APKInspector
     • Dalvik Bytecode

  20. Usage of APKInspector
     • Control Flow Graph

  21. Usage of APKInspector
     • Java

  22. Usage of APKInspector
     • Navigation Back & Forward
     • Current Method displayed

  23. Usage of APKInspector
     • Call Graph

  24. Q&A Thanks! tianyuan186@gmail.com
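
As an added illustration of the permission analysis (slides 5 and 16) and the manifest-as-policy-file idea (slide 6), the sketch below is not APKInspector's code and is not from the slides. It parses a decoded AndroidManifest.xml, groups requested permissions using only the protection levels listed on slide 5, and lists components reachable by other applications without a guarding permission. The function name `analyze`, the sample manifest and the 2012-era export default are assumptions; content providers are left out because their default differs.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Protection levels exactly as listed on slide 5 (not Android's full table).
LEVELS = {
    "android.permission.VIBRATE": "normal",
    "com.android.alarm.permission.SET_ALARM": "normal",
    "android.permission.SEND_SMS": "dangerous",
    "android.permission.CALL_PHONE": "dangerous",
    "android.permission.FORCE_STOP_PACKAGES": "signature",
    "android.permission.INJECT_EVENTS": "signature",
    "android.permission.ACCESS_USB": "signatureOrSystem",
    "android.permission.SET_TIME": "signatureOrSystem",
}
# Constructed sample manifest, in the text form apktool decodes to.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main"><intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter></activity>
    <receiver android:name=".SmsHook"><intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter></receiver>
    <service android:name=".Sync" android:exported="true" android:permission="com.example.sample.SYNC"/>
    <service android:name=".Worker"/>
  </application>
</manifest>"""

def analyze(manifest_xml):
    """Return (permissions grouped by level, unguarded exported components)."""
    root = ET.fromstring(manifest_xml)
    by_level = {}
    for node in root.iter("uses-permission"):
        name = node.get(A + "name")
        by_level.setdefault(LEVELS.get(name, "unknown"), []).append(name)
    unguarded = []
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        exported = comp.get(A + "exported")
        # Assumed 2012-era default: no android:exported means exported iff an intent filter exists.
        reachable = exported == "true" or (exported is None and comp.find("intent-filter") is not None)
        if reachable and comp.get(A + "permission") is None:
            unguarded.append((comp.tag, comp.get(A + "name")))
    return by_level, unguarded

if __name__ == "__main__":
    levels, open_components = analyze(SAMPLE)
    print(levels)
    print(open_components)
```

Permissions that slide 5 does not list, such as INTERNET in the sample, fall into the `unknown` group rather than being guessed.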
