
Android development has become a major way to earn money from applications. The Google Play Store offers millions of applications that can be installed on smartphones, but an attacker can hide a virus inside a legitimate application, especially if you download apps from outside the Play Store. An attacker can also spy on you through game applications installed on your phone. We need to analyze which Android applications contain a virus.
Overview
Smalien is an information flow analysis and information leakage detection tool for Android application analysis. Smalien performs static taint analysis of Android applications on a Linux machine as well as dynamic taint analysis, detection of information leakage due to implicit information flows, and privacy policy enforcement on an Android device at runtime.
Black Hat USA 2019 Arsenal
Currently, we are working on another branch, demo-master. Please check it out to get the programs that we used at the Arsenal.
Smalien has the following functions
- Statically analyzing an Android application and gathering information on classes, methods, variables, etc.
- Presenting the results of the analysis graphically such as a method call graph and an information flow diagram.
- Performing dynamic taint analysis on an Android device.
- Enforcing a privacy policy specified by an analyst.
- Detecting information leakage due to implicit information flows.
- Logging the actual information operated on by any bytecode or API call, such as an HTTP request, at runtime to assist an analyst in his/her inspection.
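To illustrate why implicit information flows need separate handling, here is an added example (not Smalien's code): a toy taint tracker run over a constructed, smali-like instruction list. The instruction format, `PROGRAM` and `find_leaks` are assumptions made for illustration, and only the taken branch region is modeled.

```python
# Constructed toy program in a smali-like register form (not real Smalien input).
# Each tuple is (op, dest, *sources). "if" opens a branch region closed by "endif".
PROGRAM = [
    ("source", "v0"),        # v0 = sensitive value, e.g. a device identifier
    ("const", "v1"),         # v1 = 0
    ("move", "v2", "v0"),    # explicit flow: v2 is a copy of v0
    ("if", None, "v0"),      # branch on the sensitive value
    ("const", "v1"),         #   v1 = 1, so v1 now reveals something about v0
    ("endif", None),
    ("const", "v3"),         # v3 = 7, assigned outside the branch
    ("sink", None, "v2"),    # send(v2)
    ("sink", None, "v1"),    # send(v1)
    ("sink", None, "v3"),    # send(v3)
]


def find_leaks(program, track_implicit):
    """Return (instruction index, register) for every sink that receives taint."""
    tainted = set()   # registers currently holding sensitive data
    branch_taint = []  # stack: was each enclosing branch condition tainted?
    leaks = []
    for idx, (op, dest, *srcs) in enumerate(program):
        src_tainted = any(s in tainted for s in srcs)
        # Control dependence on a tainted condition counts only in implicit mode.
        ctrl_tainted = track_implicit and any(branch_taint)
        if op == "if":
            branch_taint.append(src_tainted)
        elif op == "endif":
            branch_taint.pop()
        elif op == "sink":
            if src_tainted or ctrl_tainted:
                leaks.append((idx, srcs[0]))
        elif op == "source" or src_tainted or ctrl_tainted:
            tainted.add(dest)      # dest now carries sensitive data
        else:
            tainted.discard(dest)  # dest overwritten with clean data
    return leaks


if __name__ == "__main__":
    print("explicit only:", find_leaks(PROGRAM, track_implicit=False))
    print("with implicit:", find_leaks(PROGRAM, track_implicit=True))
```

With explicit tracking alone, only the copy in `v2` is reported; the value written to `v1` inside the branch is reported only when control dependence is tracked.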
Required Tools
- Apktool
- jarsigner
- keytool
- adb
Usage
Check our Wiki for full instructions.
Run static analysis
It generates parsed_data.json and data_flows.json as the results.
Generate graphs
It generates output_class_calls.md and output_data_flows.md as the results. These files include scripts for mermaid. You may use a markdown viewer such as Haroopad to check the graphs.
Run dynamic analysis
A new APK file, implanted.apk, is placed in smalien/hive/workspace/. Install it on your Android device with the following command and run it.
Currently, Smalien is a prototype from our academic research and is not yet fully functional. We are working on it!