Justin Grover (The MITRE Corporation)

Abstract

In this research, a prototype enterprise monitoring system for Android smartphones was
developed to continuously collect many data sets of interest to incident responders,
security auditors, proactive security monitors, and forensic investigators. Many of the data
sets covered were not found in other available enterprise monitoring tools. The prototype
system requires neither root privileges nor exploitation of the Android architecture for
proper operation, thereby increasing interoperability among Android devices and avoiding
a spyware classification for the system. An anti-forensics analysis of the system was
performed to identify and further strengthen areas vulnerable to tampering. The
contributions of this research include the release of the first open-source Android enterprise
monitoring solution of its kind, a comprehensive guide to the data sets available for collection
without elevated privileges, and the introduction of a novel design strategy implementing
various Android application components useful for monitoring on the Android platform.