APKInspector - Static Analysis of Android Applications
Student: Yuan Tian
Mentor: Cong Zheng
Backup Mentor: Anthony
Kara Jianwei
08/22/2012
• Background of Android Security
• APKInspector
- Overview
- Features
- Demo
Introduction
Background
Android Security Scheme
• Linux process sandbox
• Permission based component interaction
• Permission labels defined in
AndroidManifest.xml
• Applications need to be signed
• Install time security decisions
Permissions
• Normal
android.permission.VIBRATE
com.android.alarm.permission.SET_ALARM
• Dangerous
android.permission.SEND_SMS
android.permission.CALL_PHONE
• Signature
android.permission.FORCE_STOP_PACKAGES
android.permission.INJECT_EVENTS
• SignatureOrSystem
android.permission.ACCESS_USB
android.permission.SET_TIME
Component Interaction
• Intents: IPC
• AndroidManifest.xml: Application’s policy file
• Component
• Activity: Define screens
• Service: Background processing
• Broadcast Receiver: Mailbox for messages from other applications
• Content Provider: Relational database for sharing information
Application Signature
• Applications are self-signed; no CA required
• Signatures define persistence
- Detect if the application has changed
- Application update
• Signatures define authorship
- Establish trust between applications
- Run in same Linux ID
Malware Type
Abuse of Telephony Services
Root Exploitation
Sensitive Information Exposure
Package Repacking
Update attack
Analysis Techniques
• Ded
• smali/baksmali
• Apktool
• androguard
APKInspector Overview
• Integrates the previous static analysis tools and provides graphical features that make malware analysis more convenient
• Features:
- CFG
- Call Graph
- Static Instrumentation
- Permission Analysis
- Dalvik codes
- Smali codes
- Java codes
- APK Information
Improved Features
• Improvement of UI
• Adding of more features to assist the analysis of malware
• Bug Fix
Easy to use
Powerful Analysis
Flexible
UI Improvement
• Automatic installation
• Fine-grained Graph View to Source View
• Call Graph
• Navigation
• Better display of Control Flow Graph
New Analysis Features
• Reverse the Code with Ded for Java Analysis
• Static Instrumentation
• Combine Permission Analysis
• Add Support for odex
Bug Fix
Usage of APKInspector
• Installation with Shell Script
• Analysis of APK
• Filter of Malicious behavior by permission analysis
• Smali code
• Static Code Instrumentation
• Dalvik Bytecode
• Control Flow Graph
• Java
• Navigation
- Back & Forward
- Current Method displayed
• Call Graph