For many types of applications, in order to accurately understand what is going on within them, access to source code is typically required. When it comes to Android Apps, a new effort from startup Bluebox Security is set to make access and visibility into mobile code easier than ever before. Bluebox is a mobile security […]
For many types of applications, in order to accurately understand what is going on within them, access to source code is typically required. When it comes to Android Apps, a new effort from startup Bluebox Security is set to make access and visibility into mobile code easier than ever before.
Bluebox is a mobile security startup backed by Andreeson Horowitz and Sun Microsystems co-founder Andy Bechtolsheim. The company’s Chief Scientist is well known application security expert Jeff Forristal, better known in the security community as Rain Forest Puppy. He is credited with the discovery of the SQL injection as an application attack.
Forristal’s company is now offering a free online service called, ‘Dexter’ that enables anyone to upload an Android app and then perform static analysis on it.
“We had a strong desire to implement very robust back-end analysis methods that will not fail in the presence of an app that may be trying to defeat an automated analysis,” Forristal told Datamation.
Dexter is also a multi-user online tool that enables groups of mobile analysts to collaborate for app research.
In terms of technology, Bluebox built much of the code for Dexter on their own, though Forristal noted that there are some open source components.
“We’ve done a lot of work to make sure we have a robust static and dynamic analysis engine,” Forristal said. “Think of it as a superset of what is available in the industry plus additional augmentation that we provide.”
Android applications leverage Java, which is a major help for security research. From a code perspective, the actual Java bytecode of an Android application can be decompiled to perform static analysis.
“One of the key attributes of Java, for better or for worse, is that there is a one-to-one relationship between the original source code and the actual bytecode, “Forristal said. “Java also embeds a lot of debugging and symbol information that really allows for the recovery of the source code or at least something that closely approximates the source code.”
Forristal noted that the Dexter backend also provides an Android .apk file browser that provides multiple views into what the code that makes up the app is all about. Dexter provides: Java class listing, inheritance relationships and package graph visualizations. Going deeper, the system can pull up individual areas of a package and analysts can get down into method bytecode visualizations.
“There is a relational query language and a text search feature that we have to allow you to cross navigate between methods and classes,” Forristal said. “From there, there is the ability for tagging and commenting on any code that you see.”
Dexter has automatic semantic annotation for different program elements, including application entry points. Code that deals with security cryptography, network access and Android privileges is also automatically identified.
“So if you have a particular interest and, for example, want to understand how an app is accessing the network, you can quickly find the areas of the app from there and analyze it,” Forristal said.
While Dexter is a robust tool for Android app analysis, it is not about providing a layperson with a simplified assessment of a given app’s security.
“Dexter is a foundational tool for an analyst skilled in Android applications to determine if there are problems,” Forristal said. “We are positioning Dexter as enhancing and augmenting the analyst effort more efficient, but it is not an anti-virus or security audit tool that specifically concludes that an app is malware.”
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
