AndrotomistLite

AndrotomistLite is a lightweight CLI version of the Androtomist tool which performs Android .APK analysis.

It is a wrapper written in .NET Core 3.1 which utilizes various tools to perform:

Code analysis using ApkTool and APKProfiler
Taint analysis using pyflowdroid
Dynamic instrumentation using Frida

Setup

1. Code analysis requires Apktool, just place the apktool and the .bat file in the same folder as the Runner.exe.

2. Taint analysis requires installation of pyflowdroid:

			$ pip install pyflowdroid
			$ python -m pyflowdroid install

3. Dynamic instrumentation requires extra configuration in the appsettings.json file, such as the android platform tools folder path, the frida folder path, instrumentation script path, and remote address and port to allow connections with network VMs

This is a lightweight tool and is better suited for smaller projects that don't require a database.

The source code can be found on Github.

Licence Androtomist's source code is offered under the European Union Public Licence (https://ec.europa.eu/info/european-union-public-licence_en)

Please cite our paper: Kouliaridis, V.; Kambourakis, G.; Geneiatakis, D.; Potha, N. Two Anatomists Are Better than One—Dual-Level Android Malware Detection. Symmetry 2020, 12, 1128