Skip to main content

Analyzing and dissecting Android applications for security defects and vulnerabilities

posted onJuly 14, 2011
by l33tdawg

In March 2011, 58 malicious applications were found in the Android Market. Before Google could remove the applications from the Android Market they were downloaded to around 260,000 devices. These applications contained Trojans hidden in pirated versions of legitimate applications. The malware DroidDream exploited a bug which was present in Android versions older than 2.2.2.

Android device manufacturers and carriers work in tandem to distribute Android-based updates and didn't issue patches for the DroidDream exploit, leaving users vulnerable. Google said the exploit allowed the applications to gather device specific information, as well as personal information. The exploit also allowed the applications to download additional code that could be run on the device which allowed attackers to potentially gain access to sensitive information.

This article introduces ScanDroid for Android applications, using Ruby code to show how it works and demonstrate how to implement it. This code is a prototype to highlight the capabilities of using ScanDroid.

Source

Tags

Android Software-Programming Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th