56
android Malware and analysis
some are less secure than others being inherently less robust or prone to
possible abuse such as collisions or other types of attacks.
On a practical level, an Android malware analyst should be iden-
tifying and searching for MD5, SHA1, and SHA256 values as these
are the values most commonly blogged about or found in common
data sets at the time of the writing of this book. As such, performing
search engine queries for all such values may help discover additional
information, abuse reports, samples, dates of a related incident and
more. A large number of tools exist to generate hash values of inter-
est, such as MD5SUM included in default installations of the Ubuntu
operating system.
$ md5sum abc.apk
153cf9b11ee14f1afb7c6e9a211d4b63 ...