Tracking Android Malware and Auditing App Privacy for Fun and Non-Profit

Presented at A New HOPE (2022), July 22, 2022, 5 p.m. (50 minutes)

Our devices are a window into our souls, and contain a vast trove of information that is valuable to data-driven big business and hackers alike. On the surface, a popular social media app promoted on the Google Play Store and a piece of malware side-loaded onto a device may seem very different. From the perspective of reverse engineers and analysts of Android apps, however, the tools and methodologies are the same. Using a combination of static and dynamic analysis, we can begin to understand the behavior of apps installed on our devices, and see exactly what data they are siphoning off and sending out. In this talk, Bill will cover the tools, techniques, and device configurations used to conduct a privacy audit of a popular app or a behavioral analysis of a piece of malware. Drawing on examples ranging from his investigation of the popular Ring doorbell app to his more recent work dissecting a piece of malware which used Tor to discover a command and control (C2) server, this talk will be infused with real-world research and examples of both. In addition, the “apkeep” tool developed at EFF provides a powerful addition to the toolbox for anyone interested in downloading apps from various sources and app markets. Finally, he’ll present a configuration of a single Android device that can do real-time interception of encrypted network communication from apps run on it while on-the-go, which is useful when apps change their behavior based on location or user activity. If your interest is in reverse-engineering Android malware, in auditing the sensitive information which is habitually gathered by ostensibly legitimate data-driven businesses, or just in learning a little more about the world of app analysis, this talk will have something for you.

Presenters:

  • Bill Budington
    **Bill Budington** is a longtime activist, cryptography enthusiast, and a senior staff technologist on EFF’s tech projects team. His research has been featured in The New York Times, The Los Angeles Times, The Guardian, and cited by the U.S. Congress. He is the lead developer of Panopticlick, led HTTPS Everywhere from 2015 to 2018, and has contributed to projects like Let’s Encrypt and SecureDrop. His primary interest lies in dismantling systems of oppression, building up collaborative alternatives and, to borrow a phrase from Zapatismo, fighting for a “world in which many worlds fit.” He loves hackerspaces and getting together with other techies to tinker, code, share, and build the technological commons.