“What does this application do?” is a question that analysts often ask themselves when performing an application assessment or analyzing mobile malware. CobraDroid was designed to answer this question. CobraDroid is a full-featured Android sandbox that includes the ability to modify device and radio identifiers, proxy network traffic with SSL validation bypassing, and perform per application method hooking, alerting, and packet capturing (and more!).
This talk discusses how CobraDroid can be used for Android malware analysis and application assessments. It will include a discussion of the techniques used to assess applications and a demonstration of the tool.