Dexter – Static Analyzer of Android Application Source Code
Nowadays, mobile technologies have brought with them the development of new services and the creation of new markets, such as the development of applications for these devices, causing an unprecedented popularization and an unstoppable demand for applications.
At the same time that the demand for quantity and quality of functionalities as well as more services and more applications grows, concerns about the security of mobile technologies on the part of companies and organizations have begun to increase. These devices usually contain a large amount of confidential information (photos, confidential documents, emails, contact with friends and colleagues, videos, passwords, PINs, etc.), becoming an important element for them and becoming an extension of their own identities. .
Cybercriminals and criminal organizations are no strangers to this revolution and have realized the enormous criminal potential that these technologies hold. A clear example of the above is that security threats associated with mobile technologies have not stopped growing since the first malicious code for mobile devices appeared.
In order to help evaluate the applications installed on Android mobile devices, and detect possible irregularities in them, the Dexter static code analyzer was published in its beta version at the end of November last year .
Among the features included in Dexter are:
- Complete dissection of the corresponding APK file
- Analysis of the application manifest and all permissions defined in the application
- Obtaining all the information about the Activities, Services, BroadcastReceivers and Content-providers that make up the application
- Detail of the classes defined in the application
- Generation of different views and / or graphics that allow obtaining a quick and easy view of the relationships between the different elements of the application
- Search for character strings within code
Through the information provided, we could ask ourselves questions such as:
- Is there a suspicious event on which the reception by the application is registered?
- Why does this application require the need to activate certain permissions?
As a note, remember that this type of source code analysis tools are usually only effective when the code of the application to be analyzed is not “obfuscated”.