Qualys opens Android app analysis framework
Qualys has launched an open-source framework to allow users to find out what their Android apps are doing.
Named the Android Security Evaluation Framework (ASEF), the company said that it allows researchers to harvest behavioural data from hundreds of installed application on a device, analyse their run pattern and assess whether they are doing more than what they are supposed to and if personal information is exposed.
According to a blog by Parth Patel, vulnerability signature engineer at Qualys, he created ASEF to perform Android app analysis, while alerting the user about other possible problems.
“[You should] use it to become aware of unusual activities of your apps, expose vulnerable components and help narrow down suspicious apps for further manual research,” he said.
He said that ASEF takes a set of apps, either pre-installed on a device or as individual APK files, and migrates them to the test suite that runs through test cycles on a pre-configured Android Virtual Device (AVD).
This will simulate the entire lifecycle of an Android app on an Android device, triggering behavioural aspects of it and collecting data using ADB (Android debug bridge utility, which is available as a part of an Android SDK) and network traffic using Tcpdump.
Patel said: “During such a simple yet thorough approach of performing a behavioural analysis for various apps, interesting results were found about apps leaking sensitive information such as IMEI, IMSI, SIM card or a phone number of a device.
“Some malicious apps might just send this data in clear text over the internet, and are much easier to be caught by analysing collected behavioural data. However some malicious apps can be sophisticated enough to detect the default settings of a virtual Android device and might behave differently in such settings.”
Patel also said that ASEF is available as open source so users can gain access to security aspects of Android apps by using this tool with its default settings.
“ASEF will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android security,” he said.