ABSTRACT

AndroSAT: Security Analysis Tool for Android Applications

With about 1.5 million Android device activations per day and billions of applications installation from Google Play, Android is becoming one of the most widely used operating systems for smartphones and tablets.

Besides typical personal usages, Android mobile devices are also being integrated into enterprises, government organizations, and military networks. Consequently, these devices hold valuable sensitive information which makes them face the same level of malicious attacks that have targeted the desktop environments over the past three decades.

In this thesis, we present AndroSAT, a Security Analysis Tool for Android applications. The developed framework allows us to efficiently experiment with different security aspects of Android apps through the integration of (i) a static analysis module that scans Android apps for malicious patterns. The static analysis process involves several steps such as n-gram analysis of dex files, de-compilation of the app, pattern search, and analysis of the AndroidManifest file; (ii) a dynamic analysis sandbox that executes Android apps in a controlled virtual environment which logs low-level interactions with the operating system.
The effectiveness of the developed framework is confirmed by testing it on popular apps collected from F-Droid, and malware samples obtained from a third party and the Android Malware Genome Project dataset. As a case study, we show how the analysis reports obtained from AndroSAT can be used for studying the frequency of use of different Android permissions and dynamic operations and detection of Android malware.