SAND: Snapshot Utility For Android
SAND is an in-house mobile security suite engineered at Varutra to aid in mobile application security assessment, which covers all Android devices including smartphones, tablets, emulator etc.
For mobile application testing it is important to gather all the information within the android device and analyze relevant changes in application data and filesystem introduced by the target application. With its unique capabilities, SAND automates the logging of information on android device and intelligently identifies the transitions during the running cycle of an application.
The report generated by SAND illustrates the present state of android system and also compare any two snapshots at any given time.
The Snapshot module captures the following data:
- Applications (system/user app) installed on device/emulator
- Permissions for installed application
- Databases resident on device along with complete file hierarchy
- Records within all the tables of respective databases
- System Information (CPU statistics, Network Information, Memory, Open ports etc.)
One of the most vital features of SAND is to compares two distinct states of android system e.g. system states such as pre and post installation of applications, with and without authentication into the application, etc.
SAND eliminates the need of human intervention to analyze the complex changes on the android system by automating the process of system review.
SAND comparer feature facilitates Varutra mobile application security testers to identify:
- Any existing and newly created databases during the assessments
- Files that have been created/deleted/modified during the assessments
- Date and time of modification/alteration of particular files and databases
- Analysis on android device as well as application state
SAND add-ons such as GUI based FileSystem Explorer, Screen Monitor, Database Viewer reduces efforts of switching between terminals and devices to accomplish tasks such as browsing through files, Pushing and pulling data from the device/ emulator, etc. Simply, SAND add-ons provide complete control over device to the android application pentesters, via single GUI interface.
Reports generated by SAND are methodical, in depth and reliable. Reports can be exported to HTML, PDF or text formats.
At present SAND is used for in-house testing at Varutra.
Keep visiting us to know about public release of SAND.
For any query related to SAND, drop us a line here or email us from your corporate id on contact[at]varutra[dot]com and we will get back to you.
SiOS: Snapshot utility for iOS devices (iPhone, iPad and iPod)