OWASP AppSec Europe 2015

Current mobile malware detection solutions seem to be particularly good at something very specific, and use some specific detection mechanism. However, most of them are not extensible and the analysis technique is a black box. That is why we started our mobile malware detection research project by combining existing free-to-use solutions. We have also built our own static and dynamic analysis component. In this presentation, we dive deep in to the categories of checks that we've researched and implemented in our analysis components to complete existing techniques and create a better view on the scanned mobile sample.

The results of such distributed scan are presented in a report that can be interpreted by end-users, answering basic questions such as “Is this sample trying to send a text message to a premium number without my consent?” (which 15% of the apps we scanned does). Because of the distributed approach, we can answer more complex questions, including: “Did the sample behave differently in a sandboxed (virtual) environment than it did on a physical phone?”.

Our research project is free to use (http://apkscan.nviso.be ), contains a publicly available API and is used by researchers and companies around the world. In this presentation we give a broad range of statistics and interesting examples of what we found in thousands of scanned Android applications.