Yesterday we released the first version of ApkScan! For those who can’t wait to run some of their Android applications through the scanners, ApkScan can be found at http://apkscan.nviso.be/. Two example reports generated by ApkScan can be found here and here. More details after the screenshot.
As we mentioned in a previous blog post, ApkScan allows you to scan Android packages for malicious activity. For this analysis, we use a combination of static and dynamic scanning techniques. Although we plan to keep adding new scanning methods and improving the existing ones, the current version of ApkScan already performs the following analyses:
Static analysis
- Analysis of AndroidManifest.xml
  - Registered permissions
  - Registered services
- Analysis of disassembled source code
  - Extract hard-coded URLs
Dynamic analysis
- Behavioral analysis using DroidBox
  - Behavior graphs
  - Placed phone calls
  - Sent SMS messages
  - Cryptographic activity
  - Information leakage (network / SMS / file)
External services
- Virus scan of original samples using the VirusTotal API
- URL scan of hard-coded URLs using the Google Safe Browsing API
To support these scanning features, we have implemented our own ApkScan API client. This client fetches the uploaded samples on a BackTrack machine, then analyses and runs them in a sandboxed environment.
We look forward to your feedback and suggestions! We will be posting more updates soon, so keep an eye on this blog!