Have you ever looked at your Android apps and wondered if they are watching you as well…?
Whether it’s a bandwidth-hogging application, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal info is exposed. Is there really a way to automatically evaluate all your applications to harvest their data, analyze their run patterns and at the same time provide an interface to facilitate a majority of evolving security tests with most practical solutions?
Android Security Evaluation Framework (ASEF) performs this particular analysis while alerting you about other possible problems. It will make you aware of the unusual activities of your applications and it will expose vulnerable components and help narrow down suspicious applications for further manual research. The framework will take a set of applications (either pre-installed on a device or as individual APK files) and migrate them to the test suite where it will run it through test cycles on a pre-configured Android Virtual Device (AVD).
During the test cycles the applications will be installed and launched on the AVD. Android Security Evaluation Framework will trigger certain behaviors by sending random gestures and later uninstall the application automatically. It will capture log events, network traffic, kernel logs, memory dump, running processes and other parameters at every stage which will later be utilized by the Android Security Evaluation Framework analyzer.
The analyzer will try to determine the aggressive bandwidth usage, interaction with any command and control (C&C) servers using Google’s safe browsing API, permission mappings and known security flaws. Android Security Evaluation Framework can easily be integrated with other open source tools to capture sensitive information, such as SIM cards, phone numbers and others.
Android Security Evaluation Framework is an Open Source tool for scanning Android Devices for security evaluation.
Users will gain access to security aspects of android applications by using this tool with its default settings. An advanced user can fine-tune this and expand upon this idea by easily integrating more test scenarios or even find patterns out of the data it already collects. Android Security Evaluation Framework will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android Security.