OWASP SeraphimDroid Project

• (6.9.2015) New version (v2.0) of OWASP Seraphimdroid is released on Google play store. Blog post about new features can be read here
• (10.7.2015) OWASP Seraphimdroid is participating at OWASP Summer Code Sprint 2015
• (2.10.2014) OWASP Seraphimdroid was featured on a front page and interview with a project leader was published in Libre!, Serbian online magazine about open source. Issue 29 of the Libre! magazine, where the interview was published can be seen here
• (5.9.2014) The first release of OWASP Seaphimdroid was released on Google play. Blog post about features can be read here
• (1.6.2014) OWASP Searaphimdroid participates on Google Summer of Code
• (2.2.2014) Article about malicious use of Android permissions was published by Digital Forensics magazine. This paper was a result of research conducted on OWASP Seraphimdroid project. Article can be viewed here

OWASP Seraphimdroid is

• Android application
• Open source
• Completely free (no paid for 'Pro' version)
• Community based, with involvement actively encouraged
• Under active development by an international team of volunteers

OWASP Seraphimdroid has two aims:

• To protect user's privacy and secure the device against malicious features and threats
• To educate user about threats and risks for their privacy, privacy of their data and security of their device.

Features:

• Permission scanner. Permission scanner will show you the list of all installed application and the permission they are using. Also app will describe potential malicious use of certain permissions. Seraphimdroid is using machine learning in order to predict whether application might be malicious (be a virus, Trojan, worm, rootkit, etc) or not and will notify the user. Currently, we use SVM/SMO model trained on M0Droid malware/goodware dataset, which performed with accuracy of 88%.
• Application locker. With OWASP Seraphimdroid, you may lock access to certain or to all of your application with password
• Service locker. This feature enables user to lock usage of WiFi, mobile network and Bluetooth with a password.
• Install lock. This feature can lock all installing and uninstalling action on your device. Great for parental control.
• Incoming SMS blocker. This feature will scan all incoming messages and alert user if it find in the content potential phishing
• Outgoing SMS scanner. The application will monitor outgoing SMS and alert user if the some of the application is trying to send SMS. This is the usual scenario how malware creators earn money - by sending premium SMS messages.
• Outgoing call blocker. This feature will allow you to perform normally outgoing calls, but it will block outgoing calls performed by other installed applications. Similarly to outgoing SMSes, this is the scenario malware creators use to earn money.
• Geo-fencing. This feature allows user to set a location range where the device should be. If the device exits the range it may set up alarm or start sending messages to the defined number with its location.
• SIM change detector. Ask password when SIM card is changed in order to assure that the owner of the device is changing SIM card. Perfect for theft protection.
• Remote location. If you lost your phone, you'll be able to send SMS with a defined secret code as a content and your phone will reply with the location coordinates of the device.
• Remote lock. Similarly, you may lock your device using a message with secret code
• Remote wipe. If your phone is stolen, you may send a message with secret code and wipe all user data from the phone.

Q1

A1

Q2

A2

Volunteers and contributors

OWASP SeraphimDroid is developed by a worldwide team of volunteers. The primary contributors to date have been:

• Nikola Milosevic
• Aleksandar Abu Samra
• Chetan Karande
• Ali Tekeoglu
• Furquan Ahmed
• Kartik Kohli

Corporate sponsors

Individual sponsors

Others

As of SeraphimDroid, the priorities are:

• MVP development of Android security application with educational content
• Documenting approaches taken during the development
• Try to publish some papers
• Further development and improvement

Involvement in the development and promotion of SeraphimDroid is actively encouraged! You do not have to be a security expert in order to contribute.

Some of the ways you can help:

• Help coding open source security app
• Write project documentation
• Help with marketing and reaching more users and contributors
• Design logo or controls
• Research possible permission misuse, models for fraud and spam detection, new anti-theft approaches
• Just let us know what as a user you would like to see new or improved

Future development should include:

• Handling spam messages (SMS, MMS) in a better way
• Developing Seraphimdroid as extendable platform with plugins made by other developers
• Handling dangerous and malicious web pages while surfing
• Advanced behavioral and machine learning based malware analysis
• Developing educational content within the application
• Advanced anti-theft and anti-loss measures

If you want to contribute please contact project leader Nikola Milosevic [2]