The black-box security assessment of Android applications involves pinpointing security relevant segments of the application.
Usually, this means a lot of struggling and blind shooting to locate encryption routines, password checking modules, root detection etc. In this talk, we introduce a new, widely usable approach to overcome this problem and the Proof-of-Concept tool deLogger.
This technique is based on altering the smali (Dalvik bytecode) source of the application which, on its own, is not a new idea at all but unlike with other similar tools here we alter every function start and end in order to monitor the interworking of the application. We use the Log API of the Android system to get detailed information about what is really going on. This talk introduces the method, the tool and provides some examples to illustrate our point.