One way to keep our phones safe is to download applications only from official stores or from the website of a trusted developer or manufacturer, but we are still not totally safe and trouble-free.
Despite the security filters applied by the markets, malicious Apps can sneak in and others, despite being created by reliable developers, can make insecure connections with different servers, generating privacy problems, or expose users to different threats by third-party advertising medium.
There are different situations that can occur, my intention in this article is not to comment on all of them, but rather to talk about a couple of online tools that can help us analyze applications in a little more depth and in a very simple way.
I discovered them thanks to this excellent article from Dragonjar where they teach us to audit the safety of smart toys or any kind of IoT device. It is a highly recommended reading.
Online antivirus for APK applications:
As many will know, Android apps have the extension .apk And although we do not have direct access to these files from Google Play, there are different ways to obtain them. One of them is to use the APKpure.com website that is responsible for downloading the free Apps directly from Google Play, by entering their ID or URL.
Note: To install apps, I recommend you always do it from Google Play and avoid these intermediary services, since they can modify the .apk that is downloaded.
Once we have the .apk we can upload them directly to the tools to be analyzed.
Sanddroid: the APK is uploaded from the Upload section and then in the Overview tab we can access the report once it is processed. The information offered by this tool is very complete, from the permissions and resources that the App uses, to the URLs with which it connects to send and receive information.
Reverse.it: works in a similar way, the APK is uploaded and Android Static Analysis is selected as the analysis environment. Once it is processed we will be redirected to the results page.
There are other tools that can be used, in fact three more are discussed in the Dragonjar article. But these are very useful for doing a quick and relatively in-depth analysis on applications, at least to understand a little better what they do behind the scenes.
Finally, comment that the classic and well-known VirusTotal.com service (from Google) also allows you to analyze APKs. In addition to displaying the results of different antivirus programs, it also displays additional data that can be very useful.
Bonus: If you want to know more about how antivirus works on Android and how an attacker can evade them, I recommend watching this conference from DragonJAR Security Conference 2016.
You can also see this video that I recorded some time ago, where I show how a simple App can take pictures from our cell phones and do many other things without us noticing.