Montana State University
IT Center Home > MSU Security Conference > 2013 Pre-Conference Workshop

MSU IT Center

Renne Library Commons
P.O. Box 173240
Bozeman, MT 59717-3240
406-994-1777 |

Chief Information Officer

Jerry Sheehan

Information Security Officer

Rich Shattuck
MSU Enterprise Security Icon

2013 Security Workshop
September 24th · 8:00 - 5pm
Strand Union Building - Room 233


Ken Dunham Android Package Analysis

Almost everyone uses an Android operating system or knows of someone who does. It is also true that most people know very little about how to see if an app is legitimate or malicious! Even in a legitimate marketplace like Google Play, malicious apps may exist for short periods of time.

Dunham will introduce students to Android application package files (APKs) and how they are used. Students will then install a few core tools (e.g. APKTools) inside a Linux environment and learn to perform static analysis of Android apps.

Static analysis includes investigating APK file details and hash values, unpacking and investigating contents, decoding XML for human-readable AndroidManifest permissions review, reviewing certificate details, analyzing strings, decompiling an APK (it's not that hard, really!), and reviewing all meta-data (which can be extensive).

Required setup:Laptop with Ubunto OS

  • Preferred: Windows laptop running Ubunto OS inside a virtual machine
  • Sufficient: Laptop with Ubunto OS

Note:A download of software to install during class will be provided to registrants several days prior to workshop. Students using a Windows host with a Linux virtualized environment can easily view converted APK files as a JAR inside of JD-GUI.

Recommended skills: Participants should have some experience using Ubuntu Linux and must be able to run command line code. Participants do not need to know complicated Smali code nor be a Linux expert.