If it does not belong anywhere else and has to do with Android post it here.
Oct 23rd, 2013, 7:39 pm
Sadly, only a few sites around are providing the possibility of deep scanning .apk-files. Like sandboxes and decompilers, they explore the applications and provide you with a list of their components.
Well, there is now a thread about it :).

Currently in the list:
• Andrototal
• APK-Analyzer
• Anubis
• CopperDroid
• ForeSafe
• Mobile-Sandbox
• NVISO
• SanDroid
• Tracedroid

Andrototal:
Image
Andrototal is currently in BETA. It offers scans from multiple, android-specific scanners, like Kaspersky, Norton, Trendmicro, etc. Current version used for android analysis is 4.1.2. They plan to eventually allow users to choose between various versions of Android and versions of the scanners but for now you're stuck with only 4.1.2. Check the advanced-scan if you're interested in it.


Max. filesize: 20MB
Sample: http://andrototal.org/scan/result/set/31094
Homepage: http://andrototal.org

Anubis:
Image
Like the core-Anubis does for Windows PE executables, Andrubis executes Android apps in a sandbox and provides you with a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions.
To analyze apps straight away from your smartphone, check out our experimental submission app! Available in the Play Store soon.


Max. filesize: 8MB
Sample: https://anubis.iseclab.org/?action=resu ... ormat=html
Homepage: https://anubis.iseclab.org

CopperDroid:
Image
This nice little helper will somehow decompile the apk-file. After an analysis, you can click on each found option to see what's included. Pretty handy if you know what you're doing. Not a direct scanner but it will help you to figure out what the apk includes.


Max. filesize: Unknown. A test with a 35MB file crashed, but I think 15 or 20MB will fit.
Sample: http://copperdroid.isg.rhul.ac.uk/copperdroid/view.php?id=3697
Homepage: http://copperdroid.isg.rhul.ac.uk/copperdroid

ForeSafe:
Image
ForeSafe Online Scanner is a free service that performs deep static analysis of Android applications to detect any malicious or dangerous activity within the apps.

Once analyzed online, the submitted app is forwarded to ForeSafe SandBox to be analysed dynamically on a back-end processing server.


Max. filesize: 20MB
Sample: http://www.foresafe.com/report/9DF3023DFB0EA305E1F63F016DA9879D
Homepage: http://www.foresafe.com

NVISO:
Image
NVISO provides a full sandbox report about leakages, like unwanted SMS, network or other information. It should provide a screenshot as well but sometimes fails to do this. Not the biggest problem nor is it necessary, but I had to mention it.


Max. filesize: Unknown. A test with 35MB failed. 15 to 20MB will probably fit well.
Sample: http://apkscan.nviso.be/report/show/2d88fb16d88478f8c3e20c8de8ae9ea2
Homepage: http://apkscan.nviso.be/

SanDroid:
Image
SandDroid is an automatic Android application analysis sandbox.
Upload an APK file, and get the static and dynamic analysis report in a few minutes.
The static analysis includes Permission Analysis, Component Analysis, Malware Detection, Classification Analysis, etc.
Permission Analysis: List all the permissions in AndriodManifest.xml of an application, and check their security level through the customized rules.
Component Analysis: Extract all the components used in the application and also list the exposed components.
Malware Detection: Detect Android malware based on extracted features and list the classes which contain malicious code.
Classification Analysis: Use Weka to classify a sample with customized classification models to show which category the sample most likely belongs to. The following is a list of categories:
normal: A normal application which requires no special permission.
map: An application related to navigation.
callsms: An application which may make phonecalls and send short messages.
camera: An application which can use the camera to take pictures.
system: An application which requires lots of sensitive permissions and can execute high-privilege actions.
network: An application which may use or set network while running.
book: an e-book application.
The dynamic analysis monitors dynamic behaviors while an application runs, including File operations, Network behaviors (get/post requests, tcp/udp connections, etc.), Privacy Leakage, etc.


Max. filesize: 20MB
Sample: http://sanddroid.xjtu.edu.cn/report_vie ... ABEDA2DF69
Homepage: http://sanddroid.xjtu.edu.cn/

Tracedroid:
Image
Tracedroid allows you to upload any Android APK file (i.e., an Android app) for automated analysis. Tracedroid records the behavior of the executed app, such as its network communication, the UI, but also its internal function calls and Java code that is executed. To trigger the app's real behavior, Tracedroid emulates a few actions, such as user interaction, incoming calls and SMS messages, etc. - this will reveal most malicious intents of an app (if any). If you are curious about all the technical details, please have a look at Victor's great Master thesis on Tracedroid.


This site is for real for developers and reversers! It will provide a full pcap, monkey, logcat, callgraph, etc. Pretty nifty!

Max. filesize: 25MB
Sample: http://tracedroid.few.vu.nl/reports.php?md5=2255b0994e7e624f2983b0f8f2227a1a
Homepage: http://tracedroid.few.vu.nl/

Mobile-Sandbox:
Image
Mobile-Sandbox.com is part of the MobWorm project and provides static and dynamic malware analysis for Android OS smartphones.

This service is still under continuous development and is run purely as a research tool and a best effort service.


The service itself is really slow. The informations provided are not really much for the time, you have to wait. Just included to catch all possible services. Not really recommended.

Max. filesize: Unknown (Not tested, since the service is really slow)
Sample: http://mobilesandbox.org/report/?q=116253
Homepage: http://mobilesandbox.org/

APK-Analyzer:
Image
APK Analyzer is a generic platform for automated analysis of Android Application Package (APK) files. It's built on top of Joe Sandbox Mobile.

Joe Sandbox Mobile analyzes potentially mobile threats statically as well as dynamically by installation and execution in virtual machines. By using an signature set Joe Sandbox Mobile identifies important key characteristics of the thread as well as additional behavior information such as contact domains and URLs.


Max. filesize: 20MB
Sample: http://apk-analyzer.net/analysis/1607
Homepage: http://apk-analyzer.net/

Conclusion: Normal scanners, like Virustotal or Jotti are easy to find. But specific scanners, analyzing .apk files well, are hard to find. I don't think I have to list common online scanners too :).

If you're interested in Android security, take a break at http://wiki.secmobi.com/home

Hope you enjoy this list & have a nice time with them.
Oct 23rd, 2013, 7:39 pm

Image

I retired from moderating Android. Thanks to raindrops, Mr FuFu, XVI, jimking & verdasco. We'll see us :)
Oct 26th, 2013, 9:59 am
• Added Tracedroid
• Added Mobile-Sandbox
Oct 26th, 2013, 9:59 am

Image

I retired from moderating Android. Thanks to raindrops, Mr FuFu, XVI, jimking & verdasco. We'll see us :)
Mar 6th, 2014, 3:10 pm
• Added APK-Analyzer
Mar 6th, 2014, 3:10 pm

Image

I retired from moderating Android. Thanks to raindrops, Mr FuFu, XVI, jimking & verdasco. We'll see us :)
Jan 7th, 2015, 8:52 pm
Great post.
Jan 7th, 2015, 8:52 pm
Oct 16th, 2015, 12:16 pm
Sadly that none of antivirus scanners are implemented here on the Mobilism website.
Lately so many releases posted here, are infected with some nasty viri or malware.
Like for example in this post:
viewtopic.php?f=434&t=1283983&start=0
Oct 16th, 2015, 12:16 pm

Never be somebody's second, but always be second to one!
Nov 11th, 2015, 3:19 am
It is a good post and it is helpful.
Nov 11th, 2015, 3:19 am
Nov 26th, 2015, 9:25 am
I don't think we should trust the online antivirus tools as the main source of virus is Internet, they might install virus in our devices.
Nov 26th, 2015, 9:25 am
Nov 26th, 2015, 9:25 am
I don't think we should trust the online antivirus tools as the main source of virus is Internet, they might install virus in our devices.
Nov 26th, 2015, 9:25 am
Apr 16th, 2016, 7:03 pm
Thank you for useful info :)
Apr 16th, 2016, 7:03 pm
Aug 26th, 2019, 2:10 pm
Thanks.
Aug 26th, 2019, 2:10 pm