At Queryella, we offer a fully automated analytics platform that uses the latest research in security and privacy analytics. This combines static, dynamic and hybrid analysis using artificial intelligence to identify IT security issues or potential leaks of sensitive data. Since apps need to be examined without source code, our analyses are focused on binaries and provide reliable results even when common obfuscators have been used.
These analyses can be combined in a workflow and adapted to the individual needs of our customers. The individual analyses can be assigned to the following categories:
Automatic detection of meta-information and its further processing with our analysis engine. This allows the entry points to be identified and the context of the app to be classified. For example, the various representations of an app can thus be examined or the results compared with similar apps.
Queryella’s Library Detection reliably detects third-party libraries used in an app, including their current version. This also includes a comparison with known vulnerabilities and how they relate to an app’s main functions.
Obfuscate strings and remove dynamic loading by replacing the dynamic code part with the actual code. This enables deeper analysis of hidden code that may also contain vulnerabilities.
Identify data sources and sinks of an app using static analysis and get the data flow between these sources and sinks. This includes checking whether a vulnerability is even accessible from the main application code.
AI-powered and fully automated instrumentation to track data flows as the app runs, including the latest anti-debugging detection. This not only tracks what data is really going from sources to sinks but also explores what inputs are being sent to which destinations.
Customize an analysis and its associated report to meet your unique needs by either adding or removing individual analysis steps. Reports can be customized to different levels of abstraction so that they can be used either as a decision-making tool in the business area or as a detailed report for the quality department.
Hybrid analytics use static and dynamic analytics in different orders, allowing insights from one analysis to flow into the next, identifying more data flows.