Researchers at stealth mobile security startup Bluebox Security released a new tool to analyze Android applications for vulnerabilities that could be exploited by malware or cause the application to leak sensitive data.
The San Francisco-based firm said the free Android application analysis tool, called Dexter, provides detailed software architecture information. Jeff Forristal, chief scientist at Bluebox and lead researcher at Bluebox Labs, told CRN the new tool is more like a cloud-based application analysis service. Users upload an Android .apk file to the service, which decompiles the application and performs static and dynamic analysis on it.
"The company gives the user an environment to explore the nuances of the application to chase down whatever type of information they are looking for," Forristal said.
The new tool can be used by security firms to dissect an application and make a signature to protect users, Forristal said. The tool also can help software developers determine if intellectual property is at risk in an application or if other weaknesses exist, he added.
"Whether it is for IP theft or reverse-engineering an app to understand how it works, we think this helps provide a more robust static and dynamic analysis engine that the community has a need for," Forristal said.
Bluebox, which remains in stealth mode, is headed by Caleb Sima, who was co-founder and chief technology officer of SPI Dynamics before it was acquired by Hewlett-Packard, and was CTO of HP's Application Security Center. He also was CEO of San Francisco-based software security firm Armorize Technologies. At Bluebox, Sima is focusing the firm on tools to mitigate data theft on mobile devices and mobile application security.
The new Dexter tool, named for the Dalvik Execution (.dex) files within Android applications, also has collaboration features so development teams can work together to identify vulnerabilities that can be exploited by malware, Forristal said. The analysis capabilities include heuristic results, a flexible tagging system and an API for automated processing.
While reverse-engineering and code analysis tools are maturing, security researchers specializing in mobile security threat research say the techniques are still disjointed, with multiple tools used for various processes and many tools performing inconsistently. Dexter targets the abstract layer or the Java equivalent implementation of the applications, Forristal said, making it useful for all Android platforms, regardless of the OEM version.
"Dexter does not say here is a problem or here is malware," Forristal said. "It will say here is the application behavior that is occurring so an analyst can decide if it is problematic."
Android malware has steadily increased in the past two years, driven mainly by apps downloaded from third-party app markets and the increasing market share of Google's Android platform. Apps that charge premium fees via SMS message are the main culprit, but some apps are aggressively bilking users of sensitive personal and device data. A recent report by security firm F-Secure documented new Android threats, including mobilized banking malware and information-stealing Trojans that surfaced on devices in Asia and Eastern Europe.
Forristal said that while Android malware isn't at a level that warrants a serious concern for enterprises, businesses want the ability to know that data sitting at rest on employee devices isn't at risk of being lost to rogue applications or other threats. Bluebox, Forristal said, will not favor any particular platform and has had conversations with all the platform makers, but he declined to share any further details of the company's plans.
PUBLISHED MARCH 14, 2013