This repository contains the code implementation of paper titled "COMEX: Deeply Observing Application Behavior on Real Android Devices" accepted in Usenix CSET'24. COMEX is a testbed for dynamic analysis of android applications on real mobile devices.

DCoP is the main data collection pipeline that analyzes individual APKs using the AXMod module.

AXMoD works in two phases - (1) Setup phase, and (2) Analysis phase.

In this phase we follow the steps (shown in figure) to have a baseline device state.

In this phase the APK under test is executed on the device and analysis data is pulled from it.

• Rooted device.
• Connect device to the host PC using ADB. The DCoP module requires a host PC with connected devices for execution.
• Setting up a virtual machine for each device. 'Monkeyrunner' does not support parallelism. Thus, to run monkeyrunner on mulitple devices simultaneously which are connected to a single host machine, we create multiple VMs and assign each device to a specific VM.

• Setup AXMoD (follow its readme).

• To execute the module run raw_testbed.py, located in the directory <Path to COMEX>/COMEX/COMEX_AXMoD/raw_testbed.py. You must provide a parameter specifying the full path to the APK file to be executed.

• An example testcase can be seen as follows:

python3 raw_testbed.py <Path to COMEX>/COMEX/COMEX_AXMoD/apks/<APK name>

Running this script will generate raw analysis data in multiple folders such as netstat, stracelogs, etc. Refer to AXMoD for more details on raw data.

• Setup AXMoD (follow its readme)
• Setup DCoP (follow its readme)

• To execute the module run dynamic.py, located in the directory <Path to COMEX>/COMEX/COMEX_DCoP/dynamic.py>.

• An example testcase can be seen as follows:

python3 dynamic.py

Running this script will generate raw analysis data in VM's which can be transferred to some remote location as per requirement.