The data that ASEF collects includes captured network activity and system access functions. All the data can then be parsed to help identify anything that is anomalous or potentially risky.
One way that risky Android applications can be identified is by the way these apps connect to them. ASEF will analyze the Web addresses that the Android app is accessing and compare those against the Google Safe Browsing list to see if there are any malware URLs or known bad sites. ASEF also tests Android apps against known malware signatures that have been publicly disclosed.
“Users can deploy ASEF and collect data at a very large scale,” said Parth Patel, vulnerability signature engineer for Qualys. “I would also expect that mobile security researchers could also integrate this with their own testing frameworks.”