SandDroid - An automatic Android application analysis system. See User's Manual.

Static Analysis:

• Basic Information Extraction: file size, file hash, package name, SDK version, etc
• Certification Analysis: Parse the certification and check if it's from AOSP.
• Category Analysis: Classify the APK to different categories based on the permission information
• Permission Analysis: Extract permissions (include customized permissions) and detect if the declared permission is used
• Component Analysis: List all the components (include dynamically registered broadcast receivers) and analyze if the component is exported
• Code Feature Analysis: Check native code, java reflection, dynamic loader usage
• Advertisement Module Analysis: Extract all the advertisement modules
• Sensitive API Analysis: List all the sensitive APIs and the caller code path
• etc...

Dynamic Analysis:

• Network Data Record: capture all the network data during the APK's running period
• Http Data Recovery: recover data from http flow
• IP Distribution Analysis: parse IP information based on the extracted URLs
• File Operation Monitor: record file path and data
• SMS & Phone Call Monitor: record sms sent and phone call
• SMS Block Monitor: record sms block behavior
• Crypto Operation Monitor: record crypto usage
• Data Leakage Monitor: data leakage
• etc...

Comprehensive Analysis：

• Risky Behaviors Summary: list risky behaviors
• Risk Score: Calculate the risk score based on the static and dynamic analysis result