A distributed approach to mobile malware scanning

A distributed approach to mobile malware scanning

From BruCON 2014

Jump to: navigation, search

In this presentation, we will discuss the advantages of a distributed online mobile malware scanning service for Android. To the service, a range of distributed clients can contribute and share malware scanning results.

In our proof-of-concept called "ApkScan", we’ve implemented several clients that analyze Android samples in a distributed manner. Each client combines static and dynamic analysis techniques to get an understanding of the potential maliciousness of an Android application. Each sample can be analyzed in parallel by a number of clients. Scan results generated by these clients can then be requested and further analyzed through an online API which we will introduce and make public during BruCON.

Finally, we will present statistics on modern Android malware that has been analyzed by ApkScan over the past year. In that time period, more than 25.000 unique user-submitted and app store samples were analyzed.