Best Practice: Static Analysis
This section refers heavily to other OSAF Wiki pages.
- Obtain the APK file
- Refer to Best Practice: Organization to set up the folder for analysis
- Convert the APK file. See Conversion of Relevant Android Files for more information
- Open the APK file via APK Inspector. See APK Inspector for more information
- Using the information found from APK Inspector, use JD-GUI to open the JAR file
- Take the permissions found via APK Inspector and look for where they are used in the Java code
- Look at the methods in the Java code. What is each method doing?
- From the Java code, does it look like the data is being stored on the phone? Sent somewhere else?
- Is the application converting data into an array in the Java code?
- Form a hypothesis about what you believe the application is doing. This will be used for the dynamic portion of the analysis.
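
The permission and data-handling checks above can be given a scripted first pass once the decompiled source is available as text. The following is an added example, not part of the OSAF wiki or its tools; the permission-to-API map, the indicator lists and the sample class are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive map from manifest permissions to APIs that need them.
PERMISSION_APIS = {
    "android.permission.READ_PHONE_STATE": ["getDeviceId", "getSubscriberId"],
    "android.permission.SEND_SMS": ["sendTextMessage"],
    "android.permission.ACCESS_FINE_LOCATION": ["getLastKnownLocation"],
    "android.permission.INTERNET": ["HttpURLConnection", "openConnection"],
}
# Assumed indicators for the checklist questions: stored, sent, turned into an array.
BEHAVIOUR_APIS = {
    "stored on device": ["openFileOutput", "SharedPreferences", "SQLiteDatabase"],
    "sent off device": ["HttpURLConnection", "openConnection", "sendTextMessage"],
    "converted to array": ["getBytes", "toByteArray"],
}
METHOD_RE = re.compile(r"^\s*(?:public|private|protected)\b[^;=(]*\s(\w+)\s*\(")

def scan(sources, permissions):
    """Return (findings, unmatched); a finding is (file, line, method, label, api)."""
    wanted = {**{p: PERMISSION_APIS.get(p, []) for p in permissions}, **BEHAVIOUR_APIS}
    findings, seen = [], set()
    for name, text in sources.items():
        method = "<class scope>"
        for no, line in enumerate(text.splitlines(), 1):
            m = METHOD_RE.match(line)
            method = m.group(1) if m else method
            for label, apis in wanted.items():
                for api in apis:
                    if re.search(r"\b" + re.escape(api) + r"\b", line):
                        findings.append((name, no, method, label, api))
                        seen.add(label)
    return findings, [p for p in permissions if p not in seen]

# Constructed sample of decompiled output, keyed by file name (not a real app).
SAMPLE = {"com/example/Sync.java": """\
public class Sync {
  private String id(TelephonyManager tm) { return tm.getDeviceId(); }
  public void upload(String id) throws Exception {
    byte[] body = id.getBytes();
    HttpURLConnection c = (HttpURLConnection) new URL("http://example.invalid/").openConnection();
    c.getOutputStream().write(body);
  }
}
"""}
SAMPLE_PERMS = ["android.permission." + p for p in ("READ_PHONE_STATE", "INTERNET", "SEND_SMS")]

if __name__ == "__main__":
    hits, unused = scan(SAMPLE, SAMPLE_PERMS)
    print("\n".join("%s:%d in %s(): %s via %s" % f for f in hits))
    print("declared but no matching API seen:", unused)
```

A declared permission with no matching call is either unused or reached indirectly (reflection, native code), which is worth recording in the hypothesis carried into the dynamic portion of the analysis.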