I stated in a previous post that I had one of my CFP (Call for Papers) proposals accepted. The following is the accepted proposal:
Getting Started with Android Malware Analysis
The Android operating system has been around since 2008 and has also been open source from the beginning.
Leaving things open source allows for a lot of apps to slide thru the cracks when it comes to security.
At one point a flashlight app made the news for stealing user information when all it was
supposed to do is turn on the camera light. This small incident has sparked tools that allow one
to get into Android malware analysis.
To my knowledge there is not a set tool that developers can use to make sure that their
application can’t be exploited. I spent years studying and building malware and now would like
to help others to get into the malware analysis side in hopes that a general tool can be made
for checking applications before being published for consumer use. I’ll take you thru setting up
your environment and analyzing a controlled application apk. At the end of the talk you should
leave excited to look more into Android malware analysis and the Android system as a whole.
TLDR: I’m talking about looking for security holes in Android apps
Getting accepted for this was like a dream come true. I started my security interest in Nashville, I’m from Nashville, and this is a baby step into security as a career happening in Nashville. After getting over all of that I of course made a social media post because that’s what people my age do.
How am I preparing for the talk?
Well, after freaking out a little I made a plan. I read a lot of security stuff because I’m a grad student BUT I wanted to narrow down what I read to focus on malware analysis. I also thought about how I want to structure my slides. When I wrote my proposal I figured I’d structure my presentation as the following:
- Who I am: My intro
- Android background: How I got into this stuff
- Intro demo malware app: demo of an app running in a sandboxed environment
- Demo of how to analyze app: Things to look for on analysis
- How to present learnings: How to present your findings
As of writing this I'm thinking of the following structure:
- Who I am
- Android Background
- Tools used for analysis
- Demo of malicious app
- Demo using tools
- How to present learnings
- Tools for the developers
Where am I on this?
As of reading this I have an intro, I reached out to my ugrad professor and got papers for reference for what I used to do, and I found a way to present findings. There are a lot of places you can go to find demo apps so I’ve also been looking for other papers on how to get started and I’m going to be replicating them for proof of concept.
When it comes to presenting findings, I really want to push the perspective of being a student and doing bug bounties. I’m a student so that perspective is easy for me to talk about but I’m also dipping my toes into this in the real world with bug bounties. The unique part of this that I want to emphasize is that I’m a mobile developer so I know what it’s like to unknowingly leak info.
What is my end goal?
I really want to get people talking about a way for the blue team security and devs to come together for the creation of a tool for checking code before publishing to the Play Store. The use cases are endless for a tool like this. It would be helpful for new Android devs and for people that pay for a 3rd party to create their applications. I think I have a cool position to help since I'm a developer and also into the security side of things.
My end goal for this 30min talk is for people to have an idea of the tools needed to get started in Android Malware Analysis, and for people to be generally more excited about the Android system. I know that last point is kinda hard but Android being an Open Source Operating System means not only can it be easier for people to slide in malicious code, but could be a new exciting frontier for entry level app security people.