Android App Dissection on the Wandboard – Evolving the Platform Into One-Button Solution

How can Android applications be examined for malicious behavior in a quick and easy manner? Is the process of analysis automatable? Can the results be categorized in an easy way? The growing number of mobile malware for Android and their increasingly complex structures and intelligent concealment techniques are bringing investigative agencies to their limits in regards to personnel and finances. In this paper, we present an innovative approach to an automated, platform overarching and parallelizable investigation of Android applications. In the Introduction, we give an overview of the analysis system and the implemented hybrid analysis methods, which ensure the holistic research of Android apps. The basis of the real device analysis infrastructure is a Preboot Execution Environment (PXE). The developed client-server environment is scalable, extensible and makes it possible to automate and process a large number of apps in parallel. Afterwards, we describe the components, structure and individual configuration of the system. In the next step, we show the functionality of the process flow within the scope of a test data record. Furthermore, we evaluate the developed PXEbased Android analysis infrastructure. The focus hereby lies on criteria like performance, scalability and flexibility.