| Resumen |
Armagedroid, a software for static analysis of Android APKs, arises with the objective of assisting in the decision making by the user analyst, who must evaluate, thanks to the metadata obtained by the program, if it is a reliable package or a possible malware application, automating the procedures involved in this type of analysis. Consistent phases of the Armagedroid analysis consider the APK structure, its contents, its manifest file to extract the package, permissions and archive activities using action modules. The result obtained with the use of the tool is the gathered information from each module applied to a benign APK and one with malware, which, once compared, distinguish that the malicious package requests more permissions than the trusted APK and with just having an activity. The contributions of Armagedroid in comparison with other programs of static analysis are: the validation that the file loaded in memory is really an APK, checking its size, obtaining its content and generating the analysis report of the APK which consists of the information of the metadata obtained from the APK: the name, size in bytes, integrity checksums, which are MD5, SHA1 and SHA256, APK content , information of the files it contains, the name of the package, the list of activities and permissions of the APK in order to make the results known to the user. |
