Back to Table of Contents

The Cybersecurity Project Handbook: 32 Hands-On Projects for Offensive, Defensive & Emerging Domains

Project Chapter 16

Chapter 16 — DroidSecure

Based on: SIH1748 — Static Analysis Framework for Android Apps (NCIIPC)

Skills Required:

  • Mobile security fundamentals
  • Android application architecture (APK, DEX, manifest)
  • Static code analysis
  • Python and Java programming
  • Reverse engineering (using tools like jadx, apktool)
  • Security testing and vulnerability identification

Project Description

DroidSecure is a static analysis framework for Android applications focusing on detecting vulnerabilities and privacy issues. It analyzes APK files by decompiling DEX bytecode, parsing manifest files, and inspecting permissions and API usage. The goal is to identify common security flaws such as insecure data storage, improper permission handling, and vulnerable libraries. The framework supports extensible rule sets and integrates with CI pipelines to automate app vetting.

Tech Stack

  • Python for analysis scripts and automation
  • JADX, apktool for decompilation and decoding
  • Custom parsers for manifest and bytecode analysis
  • SQLite or ElasticSearch for storing scan data
  • Flask or FastAPI for API endpoints
  • Optional React frontend for result visualization

Week-wise Plan

Week 1 — Setup and Initial APK Decompilation

  • Set up environment with JADX, apktool, and required libraries.
  • Develop module to unpack APKs and extract manifest and DEX files.
  • Familiarize with Android app structure and required metadata.
  • Deliverable: APK unpacking tool with manifest extraction.

Week 2 — Manifest Analysis Module

  • Implement parsers for AndroidManifest.xml to check declared permissions, intents, and components.
  • Identify over-privileged requested permissions.
  • Deliverable: Manifest analyzer with detailed permission reports.

Week 3 — DEX Bytecode Parsing

  • Build modules to parse DEX files, extract method calls, API usage, and control flow.
  • Map calls to known vulnerable or deprecated APIs.
  • Deliverable: DEX parsing engine with basic API usage profiling.

Week 4 — Security Rules Engine

  • Implement rules to detect common vulnerabilities, including data leakage, insecure logging, and hardcoded secrets.
  • Support customizable rule sets for different security requirements.
  • Deliverable: Security rule engine with initial set of vulnerability checks.

Week 5 — Reporting and CI Integration

  • Create reporting formats in JSON and HTML summarizing findings and risk scores.
  • Integrate scanner as part of CI pipeline for automated app vetting.
  • Deliverable: Report generator and CI integration scripts.

Week 6 — Advanced Analysis and Obfuscation Handling

  • Implement techniques to analyze obfuscated code and control flow.
  • Add support for detecting anti-analysis techniques in apps.
  • Deliverable: Enhanced analysis engine with obfuscation detection.

Week 7 — Visualization and User Interface

  • Develop optional web frontend to display scan results interactively.
  • Support filters, drilling down into findings, and historical comparisons.
  • Deliverable: Web UI prototype for analysis results.

Week 8 — Testing and Documentation

  • Run extensive tests against known vulnerable apps from public datasets.
  • Document setup, usage instructions, and development guidelines.
  • Deliverable: Final tested framework with complete documentation.

Testing and Deliverables

  • Use sample APKs (known vulnerable apps, OWASP benchmarks) for validation.
  • Measure detection rates, false positives, and performance.
  • Deliver source code repository, test APKs, demo video, and user manuals.