- Supports a Web UI in both English and Chinese, through which examiners can
upload and analyze Android apps.
- Supports the display of basic information about the app under inspection
(e.g. MD5/SHA256 value, SDK version, app name, file type, file size, analysis
platform and its time consumption, etc.).
- Supports sandboxes on both virtual machines and physical machines; for the
physical sandbox with a mobile device or tablet computer, both static and
dynamic analysis can be performed.
- Supports result indication for the analyzed app, in which our solution can
tell whether the app uses dangerous permissions and uses the hash value of the
app, automatically verifying it against the VirusTotal database, to find out
its security rating.
- Supports project-oriented management, in which examiners can see the app
inspection records of the project and can create/delete projects if needed.
- Supports automatic and manual analysis, which can run separately at the same
time, and displays the inspection progress.
- Supports batch uploading of multiple apps for analysis and can display the
progress.
- Supports dynamic analysis of app behavior (e.g. privilege escalation, access
to specific data, audio recording, access to camera, external connection,
use of Native Code components, use of Dynamic Code, external networking,
etc.).
- Supports capture and analysis of the content of unencrypted network packets;
the geolocation of the packet flow destination IPs can also be displayed on a
visualized world map UI.
- Supports a man-in-the-middle method to decrypt and display the content of
packets sent over encrypted HTTPS connections.
- Supports the display of the supported TLS version, encryption algorithm(s),
key length, and information regarding the organization(s)/country(ies) which
issued the certificate, etc., for connections utilizing HTTPS.
- Supports inspecting whether the app utilizes AES or DES encryption when
accessing information, and can obtain the input parameter(s) and encryption
key (if any).
- Supports the display of SMS sending and call-out behaviors, including the
content of SMS and the dialed number(s).
- Supports listing out the corresponding times of the files read, generated,
or deleted during the analysis of the app(s).
- Supports listing out all the broadcast receivers called during app
execution.
- Supports listing out the SQL syntax and time used by the app when accessing
the database.
- Supports screenshot capture of the app operation screen, and can display it
in the report of analysis results.
- Supports the analysis of information/records regarding the surroundings
(e.g. WiFi, GPS, Bluetooth, NFC, IMEI, IMSI, etc.).
- Supports decompilation of the analyzed app.
- Supports static analysis, which is able to tell whether the behaviors listed
below exist: privilege escalation, access to specific data, audio recording,
access to camera, external connection, etc.
- Supports checking whether there is AES or DES encrypted code.
- Supports listing out the permission list of apps, and can mark whether the
declared permissions in the permission list correspond to those of the
decompiled code functions.
- Supports generation of a visualized correlation analysis diagram of function
calls.
- Supports keyword search and automatic highlighting of hits in the search
results across objects which came from the overall process of analysis,
including (but not limited to): decompiled content of the program, packet
content, content of system log, content of files within app folder(s), etc.
- Supports customization of keyword groups in advance in order to compare the
test results of each app.
- Supports export of the IP addresses of networking behavior.
- Supports report generation in .html or .pdf format, in which all the
detailed information/records of the analysis process will be listed. Examiners
can also print out keyword search results.
- Supports report generation; examiners can click the items they need and
generate a report accordingly.