Runtime Vulnerability Detection in Android Pre-installed Apps
Description
Pre-installed apps on Android devices typically have elevated privileges, restricted removal options, and broader access to sensitive system resources. This privileged status makes them attractive targets for attackers, introducing significant security risks. However, their security evaluation is often confined to static analysis during development or initial deployment, leaving runtime vulnerabilities largely unexamined.
As a result of a previous collaboration between CYD Campus and ZHAW, a framework for re-hosting the Application Layer from a physical device to a virtual environment has already been developed. This framework will be used as a basis in this project and extended to test the capabilities of the virtual environment for the dynamic analysis of pre-installed Android apps.
Dynamic analysis provides an effective methodology for identifying vulnerabilities in pre-installed Android apps by examining their behavior during runtime. In contrast to static analysis, which evaluates code in a non-executing state, dynamic analysis facilitates the detection of security flaws that manifest under real-world operational conditions, such as unexpected input handling, race conditions, and environmental dependencies. By utilizing techniques such as instrumentation frameworks, runtime monitoring, and behavioral profiling, dynamic analysis can reveal vulnerabilities that are not apparent during the development phase. This approach offers a comprehensive understanding of how apps interact with system components and external resources, positioning it as an essential strategy for improving the security of pre-installed software.
The main goal of this project is to advance the capabilities of re-hosting Android firmware at the application layer to support diverse use cases, including dynamic analysis of Android apps. This involves achieving comprehensive re-hosting across a wide range of Android firmware samples, ensuring compatibility and functionality within virtual environments. A scalable deployment pipeline will be developed to streamline the integration and testing of these firmware samples, enabling efficient large-scale processing. To assess the effectiveness of the framework, an evaluation pipeline will be implemented to quantitatively measure its capabilities and performance, culminating in the publication of scientific results.
Furthermore, the feasibility of leveraging application-layer re-hosting for security use cases will be explored, focusing on threat modeling, vulnerability detection, and security analysis. By applying these capabilities, the project aims to design and implement a tool for runtime vulnerability detection in pre-installed Android apps, identifying issues such as insecure API usage, data leakage, and privilege escalation. This holistic approach bridges re-hosting advancements with practical security applications, driving innovation in Android app analysis and testing.
Key Data
Project lead
Project team
Project status: ongoing, started 03/2025
Institute/Centre: Institute of Computer Science (InIT)
Funding partner: Federal government
Project budget: 125'000 CHF