Methods and apparatuses for improved app security testing
Abstract
Embodiments are disclosed for performing static and/or non-emulated dynamic analysis of mobile computing device software to improve app security testing. In the context of a method, an example embodiment includes processing, by a security analysis system, an app for analysis. This example embodiment of the method further includes analyzing the app by diagnostic circuitry of the security analysis system. In this regard, analyzing the app includes at least one of performing static analysis on the app or causing performance, by a lab rig, of non-emulated dynamic analysis on the app. In turn, this example embodiment further includes generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app, and outputting, by the security analysis system, the set of risk issues. Corresponding apparatuses and computer program products are also provided.
18 Claims
1. A method for improved app security testing, the method comprising:
- processing, by a security analysis system, an app for analysis;
- analyzing the app by diagnostic circuitry of the security analysis system, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by:
  - selecting the lab rig based on its compatibility with the app;
  - causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  - causing execution of the app by the lab rig;
  - recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  - upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises:
    - auto-rooting the lab rig,
    - installing native hooks and custom loader to the lab rig,
    - installing custom modules to the lab rig, and
    - auto connecting the lab rig to one or more predefined networks,
- generating, by the security analysis system and based on analyzing the app, a set of risk issues presented by the app; and
- outputting, by the security analysis system, the set of risk issues.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An apparatus for improved app security testing, the apparatus comprising at least one processor and at least one memory storing computer-executable instructions, that, when executed by the at least one processor, cause the apparatus to:
- process an app for analysis;
- analyze the app, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by:
  - selecting the lab rig based on its compatibility with the app;
  - causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  - causing execution of the app by the lab rig;
  - recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  - upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises:
    - auto-rooting the lab rig,
    - installing native hooks and custom loader to the lab rig,
    - installing custom modules to the lab rig, and
    - auto connecting the lab rig to one or more predefined networks,
- generate, based on analyzing the app, a set of risk issues presented by the app; and
- output the set of risk issues.

Dependent claims: 13, 14, 15, 16, 17

18. A computer program product comprising at least one non-transitory computer-readable storage medium for improved app security testing, the at least one non-transitory computer-readable storage medium storing computer-executable instructions that, when executed, cause an apparatus to:
- process an app for analysis;
- analyze the app, wherein analyzing the app includes at least performing static analysis on the app and causing performance, by a lab rig, of non-emulated dynamic analysis on the app by:
  - selecting the lab rig based on its compatibility with the app;
  - causing instrumentation of the lab rig to facilitate capture of interactions by the app;
  - causing execution of the app by the lab rig;
  - recording instrumentation data from the lab rig during execution of the app, the instrumentation data including system interactions made by the app and network traffic initiated by the app; and
  - upon completion of the non-emulated dynamic analysis, causing the lab rig to execute a service returning the lab rig to a clean state, wherein causing the lab rig to execute a service returning the lab rig to a clean state comprises:
    - auto-rooting the lab rig,
    - installing native hooks and custom loader to the lab rig,
    - installing custom modules to the lab rig, and
    - auto connecting the lab rig to one or more predefined networks,
- generate, based on analyzing the app, a set of risk issues presented by the app; and
- output the set of risk issues.

Specification