Analysis of Android update packages as a method to load forensic utilities and malicious applications to an Android device

Mark Lohrum, Purdue University


Android devices are extremely popular and are projected to stay popular. Forensic tools and malware designed specifically for Android devices both exist. The purpose of this study is to explore a new method of loading forensic tools and malware onto Android devices: the update module, which is used to install updates to the operating system. This thesis proposed and completed research to test four different custom update packages on three different Android devices. Two of the update packages contain forensic utilities and the other two contain malicious tools. An update package that collects web history using the device's API executed successfully on all three devices; the other three update packages executed successfully only on the oldest device, a Nexus One. The cause of the differing results between the Nexus One and the other two devices is the version of the operating system on the device. The Nexus One ran the oldest version of Android, which did not contain the same security measures as the newer operating systems on the other two devices. On the newer devices, these security measures stopped the update packages from executing successfully. The researcher concluded that these update packages are not ready to be used currently.




Liles, Purdue University.

Subject Area

Information Technology
