Analyzing and dissecting Android applications for security defects and vulnerabilities

In March 2011, 58 malicious applications were found in the Android Market. Before Google could remove the applications from the Android Market they were downloaded to around 260,000 devices. These applications contained Trojans hidden in pirated versions of legitimate applications. The malware DroidDream exploited a bug which was present in Android versions older than 2.2.2.

Android device manufacturers and carriers work in tandem to distribute Android-based updates and didn’t issue patches for the DroidDream exploit, leaving users vulnerable. Google said the exploit allowed the applications to gather device specific information, as well as personal information.

The exploit also allowed the applications to download additional code that could be run on the device which allowed attackers to potentially gain access to sensitive information.

This article introduces ScanDroid for Android applications, using Ruby code to show how it works and demonstrate how to implement it. This code is a prototype to highlight the capabilities of using ScanDroid.

For simplicity, we will consider three vulnerabilities for an Android application:

1. Read/WritetolocalStorage

2. AccessexternalURL

3. MakeSocketConnection

This document explains the following aspects:

  • ScanDroid Overview
  • Using ScanDroid
  • Using ScanDroid library with interactive Ruby (irb).

Download the complete paper here.