Adding to what David said:

> 1.     I must create a rules set of acceptable function call flows
> which every App must conform to.  Any App that starts executing a
> strange function call sequence is considered malware and gets killed.
> Can I create this rule set with the on-device SQLite RDB?


There is no foolproof way of doing this, and should you succeed in such an
approach, make sure that you verify the false positive rate because these
"strange function call" sequences can actually be valid in some cases
depending on the intended purpose of the application. For instance, sending
information out of the phone might not be acceptable for a wallpaper
application but perfectly valid for a gaming application.

Regards,
Rahul


On Fri, Sep 16, 2011 at 4:15 AM, David Herges <[email protected]> wrote:

> Hi, can't give you answers for all questions, but from what I know:
>
>
>> 2.     I must create a service component running in the background.
>> This must periodically poll every running App and compare its function
>> call flow against my rule set RDB.
>
> Ouh...don't think so. The Android maxim is a bit of "all applications are
> equal" and I can't imagine how an application could be capable of reading
> another application's programmatic control flow; would basically need to
> analyse the DVM call stack?! But the VMs are sandboxed from each other...so
> even if it was possible in theory, Android's security architecture would not
> allow this.
>
>
>> 3.     Can I achieve all this with just the Android SDK?  Or will I
>> have to use the Android NDK as well?  I don't want to use the NDK
>> unless I have to.
>
> I doubt that it is possible by any kind of monitoring application.
> Probably, you need to modify the framework itself. But I don't know exactly.
>
>
>> 4.     I went through the very helpful tutorial "Understanding
>> Android's Security Framework" by William Enck and Patrick McDaniel.
>> Is this a new Framework introduced into the Android Libraries layer?
>
> That's just a description of how Android's security architecture works.
> There are also some papers from Shabtai et al. that focus on Android's
> security model.
>
>
> Cheers,
> David
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/android-security-discuss/-/tgeF6zy9BRwJ.
>
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
>
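
The false-positive check raised in the reply above, as an added example that is not part of the original thread: a per-category rule set of allowed call transitions stored in SQLite, evaluated against traces from apps known to be benign. It assumes call traces are already available (for instance from an instrumented framework build, since the quoted reply notes a normal app cannot read them); the category names, function names and traces are constructed for illustration.

```python
import sqlite3

# Constructed rule set: call transitions allowed per app category.
# Category and function names are hypothetical, not real Android APIs.
RULES = [
    ("wallpaper", "onCreate", "loadBitmap"),
    ("wallpaper", "loadBitmap", "setWallpaper"),
    ("game", "onCreate", "loadAssets"),
    ("game", "loadAssets", "renderFrame"),
    ("game", "renderFrame", "openSocket"),  # score upload is expected for a game
    ("game", "openSocket", "sendData"),
]

# Constructed traces from apps known to be benign, used to measure false positives.
BENIGN = [
    ("wallpaper", ["onCreate", "loadBitmap", "setWallpaper"]),
    ("game", ["onCreate", "loadAssets", "renderFrame", "openSocket", "sendData"]),
    ("game", ["onCreate", "loadAssets", "renderFrame"]),
    # Benign wallpaper app that reports usage statistics: not covered by the rules.
    ("wallpaper", ["onCreate", "loadBitmap", "openSocket", "sendData"]),
]

def build_rule_db(rules=RULES):
    """Store the rule set in SQLite, keyed by (category, caller, callee)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allowed_flow (category TEXT, caller TEXT, callee TEXT,"
               " PRIMARY KEY (category, caller, callee))")
    db.executemany("INSERT INTO allowed_flow VALUES (?, ?, ?)", rules)
    return db

def violations(db, category, trace):
    """Return the call transitions in trace that the category's rules do not allow."""
    query = "SELECT 1 FROM allowed_flow WHERE category=? AND caller=? AND callee=?"
    return [(a, b) for a, b in zip(trace, trace[1:])
            if db.execute(query, (category, a, b)).fetchone() is None]

def false_positive_rate(db, benign_traces):
    """Fraction of known-benign traces that the rule set would flag."""
    flagged = sum(1 for cat, trace in benign_traces if violations(db, cat, trace))
    return flagged / len(benign_traces)

if __name__ == "__main__":
    db = build_rule_db()
    net = ["renderFrame", "openSocket", "sendData"]
    print("game:", violations(db, "game", net))
    print("wallpaper:", violations(db, "wallpaper", net))
    print("false positive rate:", false_positive_rate(db, BENIGN))
```

The same network-sending sequence passes for the game category and is flagged for the wallpaper category, and the benign wallpaper trace that sends data is what produces the nonzero false positive rate.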
