Core features of Akana:


The IAE is easy to use.

- The layout and operation of the IAE are very similar to NetBeans or Eclipse. A professional user can use “Goto Declaration”, “Show Xref”, “Show Call Hierarchy”, etc. to navigate the code in the APK file easily.

- Beyond the basic needs of interactive analysis, we give professional users more hints about the usage of “string”, “method invocation”, “embedded code”, etc. Navigation between resources and code, strings and resources, etc. is also provided.

- We have deeply optimized data transfer, so interaction feels as if the data were located on the local file system.



The plugins in Akana give the user insightful analysis results.

- Analyzing sensitive operations


Plugins for Akana are built on program analysis theory, *NOT* string scanning. We use an intra-procedural dataflow analyzer to get a more precise result. To see the difference, write the following code in a class:

		      String sms = "content://sms/inbox"; 
		      System.out.println(sms);
		      

And request the permission in your AndroidManifest.xml file:

			  <uses-permission android:name="android.permission.READ_SMS"/>
			  

As we know, all other online detection systems conclude that the permission android.permission.READ_SMS is used by the app. But that is not true: the string is only printed. (As we know, most engines use Adrienne P. Felt's permission map to identify an invocation. In this case, they take the string content://sms to represent a use of this.context.getContentResolver().query().)

Another example:

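			  // Call site: the name matches the SMS API, but it resolves to the empty method below.
			  sendTextMessage("12345", null, null, null, null);
			  // Declared by the app itself, with an empty body; no message is sent.
			  void sendTextMessage(String foo, String foo1, String foo2, String foo3, String foo4){
			  }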
			  

The above code snippet will fool almost all detection engines. By using class hierarchy analysis (CHA), we know which method the sendTextMessage call really points to.

Certainly, the above two samples are just PoCs. We don't believe anyone will write such boring code. But the last example is a real problem that off-the-shelf products confront now.

			  this.getPackageManager().setComponentEnabledSetting(this.getComponentName(), 2, 1);
			  

This is a call that an app uses to remove its icon from the launcher. Because setComponentEnabledSetting means different things depending on its arguments, and the argument has no noticeable features (in this case, it's 2), most static analysis tools will not discover the illegal usage of the method. To our knowledge, this is why most static analysis engines do not provide a UI, but just the analysis result.
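The hidden-icon case turns on the value of an integer argument, which a method-name or string match cannot see. The following Python analyzer is an added example, not Akana's code and not from the original page: it tracks integer constants through a straight-line method body and reports a call only when it resolves to PackageManager and its newState argument is 2. It assumes smali-style input; the sample method body, the `com/example` class names and the function name `find_component_disables` are constructed for illustration.

```python
import re

# Constructed smali-like method body (sample input, not from a real app):
# the Java call setComponentEnabledSetting(getComponentName(), 2, 1) after compilation.
HIDE_ICON = """\
invoke-virtual {p0}, Lcom/example/Main;->getPackageManager()Landroid/content/pm/PackageManager;
move-result-object v0
invoke-virtual {p0}, Lcom/example/Main;->getComponentName()Landroid/content/ComponentName;
move-result-object v1
const/4 v2, 0x2
const/4 v3, 0x1
invoke-virtual {v0, v1, v2, v3}, Landroid/content/pm/PackageManager;->setComponentEnabledSetting(Landroid/content/ComponentName;II)V
"""
TARGET = ("Landroid/content/pm/PackageManager;->"
          "setComponentEnabledSetting(Landroid/content/ComponentName;II)V")
# newState value from android.content.pm.PackageManager that disables a component.
DISABLING = {2: "COMPONENT_ENABLED_STATE_DISABLED"}
CONST = re.compile(r"const(?:/4|/16)?\s+(\w+),\s*(-?0x[0-9a-fA-F]+)$")
INVOKE = re.compile(r"invoke-\S+\s+\{([^}]*)\},\s*(\S+)$")
DEST = re.compile(r"\S+\s+(\w+)")

def find_component_disables(smali):
    """Return one finding per resolved PackageManager call whose newState disables."""
    consts, findings = {}, []
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(":"):            # branch target: values may differ per path
            consts.clear()
        elif m := CONST.match(line):        # remember register -> integer constant
            consts[m.group(1)] = int(m.group(2), 16)
        elif m := INVOKE.match(line):
            regs = [r.strip() for r in m.group(1).split(",")]
            if m.group(2) != TARGET or len(regs) != 4:
                continue                    # same name on another class is not the API
            state = consts.get(regs[2])     # regs: receiver, component, newState, flags
            if state is None:
                findings.append("UNRESOLVED_STATE")
            elif state in DISABLING:
                findings.append(DISABLING[state])
        elif m := DEST.match(line):         # any other write: forget the old constant
            consts.pop(m.group(1), None)
    return findings

if __name__ == "__main__":
    print(find_component_disables(HIDE_ICON))
```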


- Analyzing the context of sensitive operations


Based on the context of a sensitive operation (call hierarchy analysis, structure analysis, etc.), malicious operations can be distinguished from benign ones, and vulnerable code from safe code.

 

For more details, you can visit our Competition and Comparison.