<a href="https://colab.research.google.com/github/Lucas-CardosoO/android-emulator-detector/blob/feat%2Fnotebook_analysis/notebooks/EmulatorAnalysis.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Android Emulator detection

## Handling files and uploading

This loads the logs from my Drive, real device logs are not provided due to privacy reasons.

The files are loaded on the tmp folder.

In [1]:
!rm -rf /tmp/logs
!mkdir /tmp/logs
!cp -r /content/drive/MyDrive/TCC/Notebook\ Data/Logs/ /tmp/logs

In [2]:
cd /tmp/logs/Logs

/tmp/logs/Logs


In [3]:
import os

all_subdirs = [d for d in os.listdir('.') if os.path.isdir(d)]
all_subdirs

['User Logs', 'Bluestacks', 'Nox', 'Genymotion', 'Android Studio']

Extracting zip files.

In [4]:
import zipfile

extension = ".zip"
for dir in all_subdirs:
  for item in os.listdir(dir):
    if item.endswith(extension):
      path = dir + "/" + item
      new_path = (str(path)).replace(extension, "")
      abs_path = os.path.abspath(new_path)
      os.makedirs(abs_path)
      zip_ref = zipfile.ZipFile(path)
      zip_ref.extractall(abs_path)
      zip_ref.close()
      os.remove(path)

## Loading logs as Dataframes

Defining helper functions

In [5]:
import pandas as pd

def get_dataframe_from_dir(dir):
  file_name = "log_0.tsv"
  df = pd.DataFrame({'descriptions': pd.Series(dtype='str'),'collected_data': pd.Series(dtype='str'),'emulator_detected': pd.Series(dtype='bool'),'collection_duration': pd.Series(dtype='int')})
  for item in os.listdir(dir):
    new_df = pd.read_csv(dir + "/" + item + "/" + file_name, sep = '\t')
    df = df.append(new_df, ignore_index=True)
  return df

def log_count(dir):
  return len(os.listdir(dir))

In [6]:
bluestacks_df = get_dataframe_from_dir("Bluestacks")
bluestacks_log_count = log_count("Bluestacks")
display(bluestacks_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=x86_64, isEmu=-1}",False,4
1,Build data (Basic),"{osVersion=25, model=ONEPLUS A5000, fingerprin...",False,4
2,Emulator files,{},False,5
3,Quemu known drivers,{},False,2
4,QEmuProps,{},False,1
...,...,...,...,...
75,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,True,4
76,Build data (Paper),"{osVersion=25, model=ONEPLUS A5000, fingerprin...",True,0
77,Check Telephony Framgia,"{Phone Number=, Device ID=567294909334509, Net...",False,18
78,Open GL,{openGLRender=Adreno (TM) 540},False,38


In [7]:
android_studio_df = get_dataframe_from_dir("Android Studio")
android_studio_log_count = log_count("Android Studio")
display(android_studio_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=x86_64, isEmu=-1}",False,35
1,Build data (Basic),"{osVersion=30, model=sdk_gphone_x86_64, finger...",False,3
2,Emulator files,{pipes=[/dev/qemu_pipe]},True,76
3,Quemu known drivers,{},False,38
4,QEmuProps,{},False,84
...,...,...,...,...
75,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,False,5
76,Build data (Paper),"{osVersion=30, model=sdk_gphone_x86_64, finger...",True,0
77,Check Telephony Framgia,"{Phone Number=+15555215554, Device ID=null, Ne...",True,231
78,Open GL,{openGLRender=Android Emulator OpenGL ES Trans...,True,80


In [8]:
genymotion_df = get_dataframe_from_dir("Genymotion")
genymotion_log_count = log_count("Genymotion")
display(genymotion_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=x86, isEmu=-1}",False,19
1,Build data (Basic),"{osVersion=28, model=Google Nexus 4, fingerpri...",True,2
2,Emulator files,"{x86=[fstab.vbox86, init.vbox86.rc, ueventd.vb...",False,2
3,Quemu known drivers,{},False,44
4,QEmuProps,{},False,9
...,...,...,...,...
75,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,False,3
76,Build data (Paper),"{osVersion=28, model=Google Nexus 4, fingerpri...",True,0
77,Check Telephony Framgia,"{Phone Number=15555218135, Device ID=000000000...",True,112
78,Open GL,{openGLRender=Android Emulator OpenGL ES Trans...,True,201


In [9]:
nox_df = get_dataframe_from_dir("Nox")
nox_log_count = log_count("Nox")
display(nox_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=x86, isEmu=-1}",False,11
1,Build data (Basic),"{osVersion=25, model=SM-G930L, fingerprint=sam...",False,6
2,Emulator files,{},False,2
3,Quemu known drivers,{},False,11
4,QEmuProps,{},False,2
...,...,...,...,...
75,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,False,16
76,Build data (Paper),"{osVersion=25, model=SM-G930L, fingerprint=sam...",True,0
77,Check Telephony Framgia,"{Phone Number=13812582808, Device ID=864394020...",False,42
78,Open GL,{openGLRender=Adreno (TM) 640},False,15


In [10]:
real_devices_df = get_dataframe_from_dir("User Logs")
real_devices_log_count = log_count("User Logs")
display(real_devices_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=arm64-v8a, isEmu=0}",False,1
1,Build data (Basic),"{osVersion=31, model=SM-G980F, fingerprint=sam...",False,1
2,Emulator files,{},False,1
3,Quemu known drivers,{},False,1
4,QEmuProps,{},False,0
...,...,...,...,...
59,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,False,2
60,Build data (Paper),"{osVersion=29, model=Redmi Note 8, fingerprint...",True,1
61,Check Telephony Framgia,"{Phone Number=, Device ID=null, Network Operat...",False,149
62,Open GL,{openGLRender=Adreno (TM) 610},False,23


In [11]:
total_log_count = bluestacks_log_count + android_studio_log_count + nox_log_count + genymotion_log_count + real_devices_log_count
total_log_count

total_df = pd.concat([bluestacks_df, android_studio_df, nox_df, genymotion_df, real_devices_df], ignore_index=True)
display(total_df)

Unnamed: 0,descriptions,collected_data,emulator_detected,collection_duration
0,isEmu vectorization detection. isEmu may be -1...,"{ABI=x86_64, isEmu=-1}",False,4
1,Build data (Basic),"{osVersion=25, model=ONEPLUS A5000, fingerprin...",False,4
2,Emulator files,{},False,5
3,Quemu known drivers,{},False,2
4,QEmuProps,{},False,1
...,...,...,...,...
379,External File,{Name=/storage/emulated/0/windows/BstSharedFol...,False,2
380,Build data (Paper),"{osVersion=29, model=Redmi Note 8, fingerprint...",True,1
381,Check Telephony Framgia,"{Phone Number=, Device ID=null, Network Operat...",False,149
382,Open GL,{openGLRender=Adreno (TM) 610},False,23


## Log Analysis

In [36]:
def emulator_detected_data_frame(data_frame, total_count): 
  emu_true = data_frame[data_frame['emulator_detected']]
  emu_true = emu_true['descriptions'].value_counts().to_frame(name = 'detection_count')
  emu_true['log_count'] = total_count
  emu_true['detection_percentage'] = emu_true['detection_count']/emu_true['log_count'] * 100
  return emu_true

### Bluestack Detection

Methods that were able to detect emulator

In [38]:
bluestacks_detected_methods = emulator_detected_data_frame(bluestacks_df, bluestacks_log_count)
bluestacks_detected_methods

Unnamed: 0,detection_count,log_count,detection_percentage
External File,5,5,100.0
Build data (Paper),5,5,100.0


### Android Studio Detection

Methods that were able to detect emulator

In [37]:
android_studio_detected_methods = emulator_detected_data_frame(android_studio_df, android_studio_log_count)
android_studio_detected_methods

Unnamed: 0,detection_count,log_count,detection_percentage
Emulator files,5,5,100.0
Check Telephony,5,5,100.0
Build data (Paper),5,5,100.0
Check Telephony Framgia,5,5,100.0
Open GL,5,5,100.0


### Genymotion Detection

Methods that were able to detect emulator

In [39]:
genymotion_detected_methods = emulator_detected_data_frame(genymotion_df, genymotion_log_count)
genymotion_detected_methods

Unnamed: 0,detection_count,log_count,detection_percentage
Build data (Basic),5,5,100.0
Check Telephony,5,5,100.0
Check Installed Packages,5,5,100.0
Build data (Paper),5,5,100.0
Check Telephony Framgia,5,5,100.0
Open GL,5,5,100.0


### Nox Detecion

Methods that were able to detect emulator

In [40]:
nox_detected_methods = emulator_detected_data_frame(nox_df, nox_log_count)
nox_detected_methods

Unnamed: 0,detection_count,log_count,detection_percentage
Build data (Paper),5,5,100.0


### Real Devices

False positives

In [42]:
real_devices_detected_methods = emulator_detected_data_frame(real_devices_df, real_devices_log_count)
real_devices_detected_methods

Unnamed: 0,detection_count,log_count,detection_percentage
Build data (Paper),4,4,100.0
