This tool allows for an analysis of cryptographic API usage in Android applications. The tool was developed specifically to compare cryptographic API usage in benign vs. malicious applications and contains a (weak) malware classifier based purely on cryptographic API features. We strive to provide an end-to-end solution, delivering all steps in the analysis:
We provide a Docker image to foster experiment reproducibility. Additionally, we describe our controlled environment and give guidance for anyone who wishes to fully replicate our research in our docs.
This repository accompanies the following paper
A Longitudinal Study of Cryptographic API: a Decade of Android Malware.
Conference: SECRYPT 2022
Paper pdf: arXiv:2205.05573
You can cite this research as follows.
The project is written and tested on Python 3.8. Apart from bare Python, the tool requires integration with some patched repositories. Due to the complex installation process, we offer a Docker image of our tool that can be run interactively. In addition, the Dockerfile contains concise instructions on how to install our tool on vanilla Ubuntu.
You can run a complete analysis on a toy dataset (~100 APKs) in Docker using the following commands.
docker pull adamjanovsky/cryptomlw:latest
docker run -it adamjanovsky/cryptomlw
cd AndroidMalwareCrypto && ./examples/sample_experiment/execute_sample_experiment.sh
/home/user/AndroidMalwareCrypto/AndroidMalwareCrypto/examples/sample_experiment/data
You can also compare the outputs that you achieved with a template output located at experiment_output and experiment_report. It is recommended that you set up a Docker volume outside of the container and use it in combination with the image to produce results stored on your local folder outside of the Docker container.
Analyzing a large dataset (>100 APKs) in Docker can be slow. For that reason, we recommend that you visit our docs where the full protocol of how to replicate our research is written.
This project is licensed under the MIT license.
We consider this project to be complete on the Android platform. Still, we plan to continue our exploration of cryptography in malware on other platforms. If you would like to help us with these efforts, have discovered a bug, or want to enhance the functionality of androidcrypto, please do not hesitate to open an issue or contact the authors.
The study is a joint work of the Center for Research on Cryptography and Security at MUNI and the University of Cagliari.
Adam Janovsky, adamjanovsky@mail.muni.cz is a corresponding author.