Android is an open software platform for mobile devices with a large market
share in the smartphone sector. The openness of the system as well as its wide
adoption lead to an increasing amount of malware developed for this platform.
ANANAS is an expandable and modular framework for analyzing Android
applications. It takes care of common needs for dynamic malware analysis and
provides an interface for the development of plugins. Adaptability and
expandability have been main design goals during the development process. An
abstraction layer for simple user interaction and phone event simulation is
also part of the framework. It allows an analyst to script the required user
simulation or phone events on demand or adjust the simulation to his needs. Six
plugins have been developed for ANANAS. They represent well known techniques
for malware analysis, such as system call hooking and network traffic analysis.
The focus clearly lies on dynamic analysis, as five of the six plugins are
dynamic analysis methods.Comment: Paper accepted at First Int. Workshop on Emerging Cyberthreats and
Countermeasures ECTCM 201