dc.description.abstract | The number of Android devices on the market is increasing and so is its user base.
Malware authors see opportunities in this increase of Android devices by the means of
economical profit, stealing private information or simply controlling devices. Lately, this
threat has escalated. In order to prevent malicious applications from spreading, several
analysis tools have been released, introducing static analysis of Android packages. As of
yet, there is no dynamic analysis tool publicly available. Therefore, this thesis project
aims at understanding an Android application sandbox system with the intent to provide
an initial understanding of the behavior of unknown packages through analysis during
runtime. By utilizing dynamic taint analysis to detect data leakage and inserting API
hooks using physical modification of the Android framework, several interesting and
potentially harmful operations performed by a package can be detected. Additionally, to
get an overview of the operations performed during runtime, an analysis report is
generated, much like the ones in traditional sandboxes. Furthermore, by visualizing the
package behavior can facilitate in the interpretation of text-based reports as well as
determining similarity between analyzed packages. | en_US |