Project 12 - Improving APKInspector

Student: Yuan Tian
Primary mentor: Cong Zheng
Backup mentor: Anthony Desnos, Kara Nance

Google Melange: http://www.google-melange.com/gsoc/project/google/gsoc2012/nature3/27001

Project Overview:
The Android platform is now a focus of attackers and security researchers. It is essential to provide a convenient, multi-functional tool to detect and analyze malware. I'd like to improve APKInspector by improving its UI and adding more features to assist the analysis of malware.

Project Plan:

  • April 23rd - May20th: Community Bonding Period
  • Now – May 20th: Become more familiar with apkinspector and read its source code. Finish the automation of installation (module 1).
  • May 21st : GSoC 2012 coding officially starts
  • May 21st – May 25th: Get familiar with pyQT, Graphviz and pydot.
  • May 26th – June 8th : Modify its graph module to support the transfer between the graph view and source view at instruction level (module 2).
  • June 9th – June 22nd: Draw the static call graph (module 3).
  • June 23rd – June 26th: Test the added features (mostly about UI), adjust the UI overall.
  • June 27th – July 7th: Main code implementation. Add code for Navigation (module 4) and Repackaging Ability (module 5). Discuss with mentors about the progress and adjust the speed.
  • July 7th – July 8th: Test the finished features. Preparing for the midterm evaluation.
  • ...
  • July 9th - July 13th: Mid Term Assessments
  • July 14th – Aug 5th: Main task is to finish Reverse the Code with Ded and Analysis on Java Codes (module 6). If time permits, implement Display Interaction between malicious applications (module 7).
  • ...
  • August 13th: Suggested "pencils down" date, coding close to done
  • Aug 5th – Aug 20th : Testing and improving documentation.
  • August 20th: Firm "pencils down" date, coding must be done
  • August 24th - August 27th: Final Assessments
  • August 31st - Public code uploaded and available to Google

Project Deliverables:
The new version of APKinspector will be a powerful tool with multiple security functions, such as permission analysis and static analysis, as well as a user-friendly tool with a convenient GUI and easy-to-use configuration. The planned new features include, but are not limited to, a fine-grained CFG, a permission analysis model, a call graph, data flow analysis and repackaging.

Project Source Code Repository:
code.google.com/p/apkinspector/

Student Weekly Blog: https://www.honeynet.or/blog/348

Project Useful Links:
APKinspector : http://code.google.com/p/apkinspector/
Androguard: http://code.google.com/p/androguard/
Apktool: http://code.google.com/p/android-apktool/
Dalvik opcodes: http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
pyQT: http://www.riverbankcomputing.co.uk/static/Docs/PyQt4/html/classes.html

Project Updates:
05/27/2012 Finished Auto-Installation part

June 4th
Done last week:
Apply DED for Java decompiling and fix some bugs.

Planned for next week:
Add the navigation feature

Issues

June 11th
Done last week:
Implement the navigation button

Planned for next week:
Improve the UI

Issues
None

June 18th
Done last week:
Fix the bug: no output under the Java tab
Add support for Java 50 class files

Planned for next week:
Draw the call flow graph

Issues
None

June 25th
Done last week:
Draw the call flow graph

Planned for next week:
Modify the graph model to support fine-grained features

Issues
None

July 2nd
Done last week:
Design how to generate fine-grained control flow graph

Planned for next week:
Implement the code of fine-grained control flow graph

Issues
None

July 9th
Done last week:
Finish part of the fine-grained control flow graph
Prepare for the mid-term evaluation

Planned for next week:
Keep on working with the interaction between the control flow graph view and Dalvik view

Issues
None

July 20th
Done last week:
Finish the mid-term evaluation
Add support for analysis of .odex file

Planned for next week:
Plan for adding more analysis functions

Issues
None

August 2nd
Done last week:
Cut down the content shown in the Control Flow Graph to get a better view

Planned for next week:
Add permission analysis module

Issues
None

August 15th
Done last week:
Add the static instrumentation to track the sensitive APIs

Planned for next week:
Add permission analysis module

Issues
None