The Android platform has become one of the go-to choices for developers and device manufacturers over the last year or so, and that popularity has, of course, attracted attackers who have been busily coding up as much malware for it as they can. They have been quite successful, with DroidDream and its sequels turning up in dozens of trojanized apps in the Android Market this year. Now defenders are getting some tools of their own to help address the problem, with the release of the Android Reverse Engineering (ARE) virtual machine.
The ARE toolset is distributed as a virtual machine image, which gives analysts a slew of individual tools for taking apart Android malware on a desktop PC while keeping the sample isolated from the host and from any real device. The system, developed by the French chapter of the Honeynet Project, bundles 10 separate tools, including Androguard and the Android SDK. The full list, with what each contributes to an analysis:
- Androguard: Python framework for static analysis of APK and DEX files
- Android SDK/NDK: emulator, adb and build tools, plus the native toolchain
- APKInspector: graphical front end for static analysis, built on Androguard
- Apktool: decodes resources and the manifest, disassembles to smali and rebuilds APKs
- AXMLPrinter: converts the binary AndroidManifest.xml back into readable XML
- ded: decompiler that recovers Java source from Dalvik bytecode
- dex2jar: converts classes.dex into a JAR so ordinary Java decompilers can be used
- DroidBox: dynamic-analysis sandbox that logs file, network, SMS, phone and crypto API activity
- JAD: Java decompiler, typically run on the output of dex2jar
- smali/baksmali: assembler and disassembler for the Dalvik bytecode format
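To make the first static step concrete, here is an added example of the triage that Androguard, Apktool and baksmali perform under the hood when handed an APK. It is not part of the ARE suite or the Honeynet Project's code: it opens the APK as a ZIP, locates classes.dex, validates the DEX header's Adler-32 checksum and SHA-1 signature (a mismatch means the file was patched after it was built, which repackaged malware often is), and dumps the string table, where shell commands, exploit paths and C2 URLs tend to show up before anything is run under DroidBox. The sample APK, its string contents and the `SUSPICIOUS` watchlist are all constructed for this example.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70        # fixed header size for all DEX versions
ENDIAN_CONSTANT = 0x12345678  # little-endian file as written by dx
# Illustrative watchlist (an assumption for this example, not an ARE feature):
# strings worth a second look before a sample is run under DroidBox.
SUSPICIOUS = ("su", "/system/bin/sh", "exec", "chmod", "http://", "getDeviceId")

def _uleb128(value):
    """Encode an unsigned int as ULEB128, the DEX string-length encoding."""
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append((byte | 0x80) if value else byte)
        if not value:
            return bytes(out)

def _read_uleb128(buf, off):
    """Decode ULEB128 at buf[off]; return (value, offset just past it)."""
    result, shift = 0, 0
    while True:
        b, off = buf[off], off + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7

def build_sample_dex(strings):
    """Construct a minimal, well-formed DEX: header, string_ids, string_data.
    No types, methods, classes or map, so it is parser input, not bytecode."""
    string_ids_off = DEX_HEADER_SIZE
    data_off = string_ids_off + 4 * len(strings)
    data, offsets = bytearray(), []
    for s in strings:  # ASCII only, so utf16_size equals the byte length
        offsets.append(data_off + len(data))
        data += _uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    string_ids = b"".join(struct.pack("<I", o) for o in offsets)
    tail = struct.pack("<20I", data_off + len(data), DEX_HEADER_SIZE,
                       ENDIAN_CONSTANT, 0, 0, 0,      # link_size/off, map_off
                       len(strings), string_ids_off,  # string_ids_size/off
                       0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  # type..class_defs: none
                       len(data), data_off)           # data_size/off
    body = tail + string_ids + bytes(data)
    signature = hashlib.sha1(body).digest()    # SHA-1 of every byte after it
    checksum = zlib.adler32(signature + body)  # Adler-32 of every byte after it
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body

def parse_dex(blob):
    """Validate the header and return version, integrity flags and strings."""
    magic = blob[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    checksum = struct.unpack_from("<I", blob, 8)[0]
    signature = blob[12:32]
    fields = struct.unpack_from("<20I", blob, 32)
    file_size, header_size, endian_tag = fields[:3]
    string_ids_size, string_ids_off = fields[6:8]
    if header_size != DEX_HEADER_SIZE or endian_tag != ENDIAN_CONSTANT:
        raise ValueError("unsupported header layout")
    strings = []
    for i in range(string_ids_size):
        off = struct.unpack_from("<I", blob, string_ids_off + 4 * i)[0]
        _utf16_len, off = _read_uleb128(blob, off)
        end = blob.index(b"\x00", off)
        # MUTF-8 equals UTF-8 for ASCII; a full decoder also handles surrogates.
        strings.append(blob[off:end].decode("utf-8"))
    return {
        "version": magic[4:7].decode("ascii"),
        "file_size_ok": file_size == len(blob),
        "checksum_ok": zlib.adler32(blob[12:]) == checksum,
        "signature_ok": hashlib.sha1(blob[32:]).digest() == signature,
        "strings": strings,
    }

def triage_apk(apk_bytes):
    """Open the APK as a ZIP, parse classes.dex and flag watchlist strings."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        if "classes.dex" not in names:
            raise ValueError("no classes.dex in APK")
        dex = parse_dex(zf.read("classes.dex"))
    hits = sorted({s for s in dex["strings"] if any(k in s for k in SUSPICIOUS)})
    return {"entries": names, "dex": dex, "suspicious": hits}

def build_sample_apk():
    """Constructed sample: placeholder manifest plus a DEX with trojan-like strings."""
    strings = ["Lcom/example/app/MainActivity;", "onCreate", "/system/bin/sh",
               "su", "chmod 777 /data/local/tmp/exploit",
               "http://example.invalid/c2", "getDeviceId"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")  # real one is binary XML
        zf.writestr("classes.dex", build_sample_dex(strings))
    return buf.getvalue()

if __name__ == "__main__":
    report = triage_apk(build_sample_apk())
    print("entries:", report["entries"])
    print("dex:", {k: v for k, v in report["dex"].items() if k != "strings"})
    print("suspicious strings:", report["suspicious"])
```

On a real sample the placeholder manifest would be the binary XML that AXMLPrinter decodes, and the string table would run to thousands of entries; the integrity check is the part worth keeping, since a DEX whose checksum or signature no longer matches was edited after compilation and deserves closer attention in baksmali.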
Android has quickly emerged as the favorite mobile platform for malware writers in 2011. The waves of DroidDream malware that have washed up in the Android Market are the most prominent example, but there have been a number of smaller attacks as well. The Android Market is a far more open environment than Apple's App Store: submitted apps are not reviewed before publication, so attackers have found it easy enough to get their wares into the market and onto devices that they have not bothered much with the iPhone so far.
Security researchers who have compared the two platforms have generally rated iOS the more secure, and it has enforced non-executable memory (DEP) since its early releases and added ASLR in iOS 4.3 earlier this year. The most recent Android release, Ice Cream Sandwich (Android 4.0), now includes ASLR as well, though in a partial form: application executables are not yet built position-independent, so the randomization covers less of the address space than it does on iOS. The openness of the Android platform has been cited as a contributing factor to the prevalence of malware on those devices, but that same openness enables toolsets like ARE, which give researchers and developers a close look at how those pieces of malware work.