System and method for detecting malware in mobile device software applications
Abstract
A system and method for testing a mobile device software application is provided. In one example, a mobile application can interface with an emulation environment or mobile device that has been loaded with a kernel module that is configured to intercept certain system calls made by the mobile application, log the system calls, and generate a report based on the logged system calls. A user of the test environment can interface with the environment via a web browser that can also be used to load one or more tests that can be applied to the mobile device software application.
24 Claims
1. A method for testing a mobile device software application, the method comprising:
- receiving a list of one or more system calls of interest;
- initiating one or more tests on the mobile device software application, wherein the one or more tests include extracting a manifest from the mobile device software application and parsing the extracted manifest to extract information regarding one or more intents and one or more permissions associated with the mobile device software application, wherein the one or more intents are messaging objects used to request an action from one or more components of the mobile device software application;
- receiving a system call generated by the mobile device software application in response to the one or more tests;
- determining if the received system call matches one or more of the system calls on the received list of system calls of interest; and
- if the received system call matches one or more of the system calls of interest on the received list;
- hooking the one or more system calls generated by the mobile device software application in response to the one or more initiated tests, wherein hooking the one or more system calls includes recording one or more inputs of the system calls in a log file, calling the one or more system calls, and recording one or more return values of the one or more system calls in the log file.
9. A testing system comprising:
- a memory;
- one or more processors;
- one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs when executed by the one or more processors cause the processor to;
- receive a list of one or more system calls of interest;
- initiate one or more tests upon the mobile device software application, wherein the one or more tests include extracting a manifest from the mobile device software application and parsing the extracted manifest to extract information regarding one or more intents and one or more permissions associated with the mobile device software application, wherein the one or more intents are messaging objects used to request an action from one or more components of the mobile device software application;
- receive a system call generated by the mobile device software application in response to the one or more initiated tests;
- determine if the received system call matches one or more of the system calls of interest on the received list;
- if the received system call matches one or more of the system calls of interest on the received list;
- hook the one or more system calls generated by the mobile device software application in response to the one or more initiated tests, wherein hooking the one or more system calls includes recording one or more inputs of the system calls in a log file, calling the one or more system calls, and recording one or more return values of the one or more system calls in the log file.
17. A non-transitory computer readable storage medium having stored thereon a set of instructions for testing a mobile device software application that when executed by a computing device, cause the computing device to:
- receive a list of one or more system calls of interest;
- conduct one or more tests on the mobile device software application, wherein the one or more tests include extracting a manifest from the mobile device software application and parsing the extracted manifest to extract information regarding one or more intents and one or more permissions associated with the mobile device software application, wherein the one or more intents are messaging objects used to request an action from one or more components of the mobile device software application;
- receive a system call generated by the mobile device software application in response to the one or more tests;
- determine if the received system call matches one or more of the system calls on the received list of system calls of interest;
- if the received system call matches one or more of the system calls of interest on the received list;
- hook the one or more system calls generated by the mobile device software application in response to the one or more initiated tests, wherein hooking the one or more system calls includes recording one or more inputs of the system calls in a log file, calling the one or more system calls, and recording one or more return values of the one or more system calls in the log file.
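
The flow recited in independent claims 1, 9 and 17, as an added example that is not code from the patent: it parses a manifest for permissions and intent actions, then wraps only the calls on a list of interest so that inputs are logged, the real call is made, and the return value is logged. It assumes the manifest has already been decoded from the APK's binary XML to text; the sample manifest, the `open`/`getpid` stand-ins and all function names are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a manifest already decoded from the APK's binary XML.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".BootReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""

def parse_manifest(xml_text):
    """Return the permissions requested and the intent actions declared."""
    root = ET.fromstring(xml_text)
    perms = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    intents = [a.get(ANDROID_NS + "name")
               for f in root.iter("intent-filter") for a in f.iter("action")]
    return {"permissions": perms, "intents": intents}

def hook(name, real_call, log):
    """Wrap one call: record inputs, invoke the real call, record the return value."""
    def wrapper(*args):
        log.append(json.dumps({"call": name, "event": "enter", "args": list(args)}))
        try:
            ret = real_call(*args)
        except OSError as exc:  # a failed call is still evidence: log it, then re-raise
            log.append(json.dumps({"call": name, "event": "error", "errno": exc.errno}))
            raise
        log.append(json.dumps({"call": name, "event": "exit", "ret": ret}))
        return ret
    return wrapper

def install_hooks(call_table, calls_of_interest, log):
    """Hook only the entries named on the list of interest; pass the rest through."""
    return {n: hook(n, f, log) if n in calls_of_interest else f
            for n, f in call_table.items()}

def run_demo():
    # Stand-ins for system calls (hypothetical; the patent hooks them in a kernel module).
    table = {"open": lambda path, flags: 3, "getpid": lambda: 1234}
    log = []  # in-memory stand-in for the log file
    hooked = install_hooks(table, {"open"}, log)
    hooked["open"]("/data/contacts.db", 0)
    hooked["getpid"]()  # not on the list of interest, so nothing is logged
    return parse_manifest(SAMPLE_MANIFEST), log
```
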
Specification