Ken Dunham: Android Package Analysis
Almost everyone uses an Android device or knows someone who does. Yet most people know very little about how to tell whether an app is legitimate or malicious! Even in a legitimate marketplace like Google Play, malicious apps may exist for short periods of time.
Dunham will introduce students to Android application package files (APKs) and how they are used. Students will then install a few core tools (e.g. APKTools) inside a Linux environment and learn to perform static analysis of Android apps.
Static analysis includes investigating APK file details and hash values, unpacking and investigating contents, decoding XML for human-readable review of AndroidManifest permissions, reviewing certificate details, analyzing strings, decompiling an APK (it's not that hard, really!), and reviewing all metadata (which can be extensive).
Required setup: Laptop with Ubuntu OS
- Preferred: Windows laptop running Ubuntu OS inside a virtual machine
- Sufficient: Laptop with Ubuntu OS
Note: A download of software to install during class will be provided to registrants several days prior to the workshop. Students using a Windows host with a virtualized Linux environment can easily view APK files converted to JAR inside JD-GUI.
Recommended skills: Participants should have some experience using Ubuntu Linux and must be able to run commands from the command line. Participants do not need to know complicated Smali code or be Linux experts.