Information flow tracking on TaintDroid
Abstract
The number of Android devices on the market is increasing and so is its user base.
Malware authors see opportunities in this increase of Android devices by the means of
economical profit, stealing private information or simply controlling devices. Lately, this
threat has escalated. In order to prevent malicious applications from spreading, several
analysis tools have been released, introducing static analysis of Android packages. As of
yet, there is no dynamic analysis tool publicly available. Therefore, this thesis project
aims at understanding an Android application sandbox system with the intent to provide
an initial understanding of the behavior of unknown packages through analysis during
runtime. By utilizing dynamic taint analysis to detect data leakage and inserting API
hooks using physical modification of the Android framework, several interesting and
potentially harmful operations performed by a package can be detected. Additionally, to
get an overview of the operations performed during runtime, an analysis report is
generated, much like the ones in traditional sandboxes. Furthermore, visualizing the
package behavior can facilitate the interpretation of text-based reports as well as
the determination of similarity between analyzed packages.
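As an added illustration (not code from the thesis or from TaintDroid) of the source-to-sink model the abstract describes, the Python sketch below labels values returned by hooked identifier getters, propagates the labels through string concatenation, and writes a report entry when a labelled value reaches a hooked network sink; the class and function names, taint labels and sample values are all constructed for this example.

```python
from dataclasses import dataclass, field

# Taint labels as a bitmask, one bit per data source (illustrative names, not TaintDroid's).
TAINT_IMEI = 1 << 0
TAINT_LOCATION = 1 << 1
TAINT_NAMES = {TAINT_IMEI: "IMEI", TAINT_LOCATION: "LOCATION"}


@dataclass
class Tainted:
    """A string value carrying a taint bitmask; taint survives concatenation."""
    value: str
    taint: int = 0

    def __add__(self, other):
        other_taint = other.taint if isinstance(other, Tainted) else 0
        other_value = other.value if isinstance(other, Tainted) else str(other)
        return Tainted(self.value + other_value, self.taint | other_taint)


@dataclass
class Monitor:
    """Hooked framework calls: sources label their results, sinks inspect labels."""
    events: list = field(default_factory=list)

    # Taint sources: constructed stand-ins for device identifier getters.
    def get_device_id(self):
        return Tainted("CONSTRUCTED-IMEI-000000", TAINT_IMEI)

    def get_location(self):
        return Tainted("59.33,18.07", TAINT_LOCATION)

    # Taint sink: a hooked network send records which labels are about to leave the device.
    def send_to_network(self, host, data):
        if isinstance(data, Tainted) and data.taint:
            labels = [name for bit, name in TAINT_NAMES.items() if data.taint & bit]
            self.events.append({"sink": "network", "host": host, "labels": labels})
        return True

    def report(self):
        """Sandbox-style text report, one line per observed leak."""
        return [f"{e['sink']} -> {e['host']}: leaked {', '.join(e['labels'])}"
                for e in self.events]


def run_sample_app(monitor):
    """Constructed app behaviour: build a payload from identifiers and upload it."""
    payload = Tainted("id=") + monitor.get_device_id() + "&loc=" + monitor.get_location()
    monitor.send_to_network("example.invalid", payload)
    monitor.send_to_network("example.invalid", Tainted("ping"))  # untainted, not reported
    return monitor.report()
```
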