Android Antivirus Development has started!
Over the past few days I have been working on adding scanning of applications already installed on the device. This is done to detect malware that is already on the device and may have been installed for a while.
Breakdown of the features
File Scanning Breakdown
So how am I going to do this once the app is already installed? My first thought was identifying the installed apps by their installed package name, “com.android.sdksetup” for example, but this is determined by the developer and can be changed to avoid detection. So my next thought is to use the package name and the hash of the package's signature, allowing me to identify the malicious packages installed with limited false positives.
However, this is not foolproof, as it can be bypassed by copying the app code into another project with a different name and signing it with a different signature. But for now this will work for me. We could use a combination of package name, permissions, receivers and signature to detect other versions or modified copies, but we will explore this later.
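The package-name-plus-signature-hash check described above, as an added example that is not the author's code. The package names, certificate bytes and detection labels are constructed, and the separate cert-only and name-only verdicts go one step beyond the exact-pair match the post describes.

```python
import hashlib
from typing import NamedTuple

class InstalledApp(NamedTuple):
    package: str     # package name, chosen by the developer
    cert_der: bytes  # signing certificate bytes reported for the package

def cert_hash(cert_der: bytes) -> str:
    """SHA-256 of the signing certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed stand-ins; real signing certificates are DER-encoded X.509.
CERT_A, CERT_B, CERT_C = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"

# Detection database keyed on the (package name, certificate hash) pair.
SIGNATURES = {
    ("com.example.testapp", cert_hash(CERT_A)): "Test.Detection.A",
    ("com.example.flashlight", cert_hash(CERT_B)): "Test.Detection.B",
}

def classify(app: InstalledApp, signatures=SIGNATURES) -> str:
    h = cert_hash(app.cert_der)
    if (app.package, h) in signatures:
        return "match"      # both halves agree: report as a detection
    if h in {c for _, c in signatures}:
        return "cert_only"  # renamed package, still signed with a known key
    if app.package in {p for p, _ in signatures}:
        return "name_only"  # name reused by a different signer: review, not a detection
    return "clean"          # also the result for a renamed AND re-signed copy

def scan(apps, signatures=SIGNATURES) -> dict:
    return {app.package: classify(app, signatures) for app in apps}

# Constructed inventory of installed packages.
INSTALLED = [
    InstalledApp("com.example.testapp", CERT_A),     # exact pair
    InstalledApp("com.example.renamed", CERT_A),     # name changed only
    InstalledApp("com.example.flashlight", CERT_C),  # same name, other signer
    InstalledApp("com.example.notes", CERT_C),       # unrelated app
]

if __name__ == "__main__":
    for package, verdict in scan(INSTALLED).items():
        print(f"{package:28} {verdict}")
```

Treating a name-only hit as a review item rather than a detection is what keeps false positives limited, since anyone can pick an already used package name.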
Example of the signature
This is an example of the signature I am using to detect another app that I created, which is not malicious but is installed on the virtual Android device.
After working on this for a little while, about 2 days, I am now able to scan installed applications on the Android device, in this case a phone.
We can now scan for installed applications; however, we can't uninstall or remove them currently, but that is still to come.
For now we have a working file scanner and a working installed app scanner, which is coming along nicely.