APKInspector - Static Analysis of Android Applications. Student: Yuan Tian. Mentor: Cong Zheng. Backup Mentor: Anthony Kara Jianwei. 08/22/2012.

Presentation transcript:


Introduction:
- Background of Android Security
- APKInspector
  - Overview
  - Features
  - Demo

Background

Android Security Scheme:
- Linux process sandbox
- Permission-based component interaction
- Permission labels defined in AndroidManifest.xml
- Applications need to be signed
- Install-time security decisions

Permissions:
- Normal: android.permission.VIBRATE, com.android.alarm.permission.SET_ALARM
- Dangerous: android.permission.SEND_SMS, android.permission.CALL_PHONE
- Signature: android.permission.FORCE_STOP_PACKAGES, android.permission.INJECT_EVENTS
- SignatureOrSystem: android.permission.ACCESS_USB, android.permission.SET_TIME
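
Added example, not part of the original slides and not APKInspector's own code: a permission-analysis pass over a manifest, using only the protection levels listed on the slide above. It assumes the manifest has already been decoded to text XML (for instance by Apktool); the function names, the sample package and its permissions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Protection levels exactly as the slide lists them; not a full platform table.
SLIDE_LEVELS = {
    "android.permission.VIBRATE": "normal",
    "com.android.alarm.permission.SET_ALARM": "normal",
    "android.permission.SEND_SMS": "dangerous",
    "android.permission.CALL_PHONE": "dangerous",
    "android.permission.FORCE_STOP_PACKAGES": "signature",
    "android.permission.INJECT_EVENTS": "signature",
    "android.permission.ACCESS_USB": "signatureOrSystem",
    "android.permission.SET_TIME": "signatureOrSystem",
}

# Constructed sample: a decoded (text) AndroidManifest.xml for a made-up package.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <permission android:name="com.example.constructed.READ_NOTES" android:protectionLevel="signature"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INJECT_EVENTS"/>
  <uses-permission android:name="com.example.constructed.READ_NOTES"/>
  <uses-permission android:name="com.example.other.UNLISTED"/>
</manifest>
"""


def classify_permissions(manifest_xml):
    """Return {requested permission: protection level} for one manifest."""
    root = ET.fromstring(manifest_xml.strip())
    # Permissions the app declares itself carry their own level ("normal" if omitted).
    declared = {p.get(A + "name"): p.get(A + "protectionLevel", "normal").split("|")[0]
                for p in root.iter("permission")}
    levels = {}
    for use in root.iter("uses-permission"):
        name = use.get(A + "name")
        if name:  # skip malformed entries that have no android:name
            levels[name] = declared.get(name) or SLIDE_LEVELS.get(name, "unknown")
    return levels


def review_queue(levels):
    """Every request above 'normal', sorted by name, with the reason to look at it."""
    reasons = {"dangerous": "dangerous capability", "unknown": "level not on slide or in manifest",
               "signature": "needs a matching signing key",
               "signatureOrSystem": "needs signing key or system image"}
    return [(n, reasons[lv]) for n, lv in sorted(levels.items()) if lv in reasons]
```

Calling review_queue(classify_permissions(SAMPLE_MANIFEST)) leaves out VIBRATE and returns the four remaining requests, each with the reason it should be reviewed.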

Component Interaction:
- Intents: IPC
- AndroidManifest.xml: application's policy file
- Components:
  - Activity: Define screens
  - Service: Background processing
  - Broadcast Receiver: Mailbox for messages from other applications
  - Content Provider: Relational database for sharing information

Application Signature:
- Applications are self-signed; no CA required
- Signatures define persistence
  - Detect if the application has changed
  - Application update
- Signatures define authorship
  - Establish trust between applications
  - Run in same Linux ID

Malware Type:
- Abuse of Telephony Services
- Root Exploitation
- Sensitive Information Exposure
- Package Repacking
- Update attack

Analysis Techniques:
- Ded
- smali/baksmali
- Apktool
- androguard

APKInspector Overview:
Integrates the previous static analysis tools and provides graphical features that make malware analysis more convenient.
Features:
- CFG
- Call Graph
- Static Instrumentation
- Permission Analysis
- Dalvik codes
- Smali codes
- Java codes
- APK Information

Improved Features:
- Improvement of UI
- Adding of more features to assist the analysis of malware
- Bug Fix
- Easy to use
- Powerful Analysis
- Flexible

UI Improvement:
- Automatic installation
- Fine-grained Graph View to Source View
- Call Graph
- Navigation
- Better display of Control Flow Graph

New Analysis Features:
- Reverse the Code with Ded for Java Analysis
- Static Instrumentation
- Combine Permission Analysis
- Add Support for odex

Bug Fix

Usage of APKInspector Installation with Shell Script Analysis of APK

Usage of APKInspector Filter of Malicious behavior by permission analysis

Usage of APKInspector Smali code

Usage of APKInspector Static Code Instrumentation

Usage of APKInspector Dalvik Bytecode

Usage of APKInspector Control Flow Graph

Usage of APKInspector Java

Usage of APKInspector Navigation Back & Forward Current Method displayed

Usage of APKInspector Call Graph

Q&A Thanks!