Virustotal launches Android Sandbox Droidy - gHacks Tech News

Virustotal launches Android Sandbox Droidy

Google owned Virustotal announced the launch of the Android sandbox Droidy today which replaced the Android sandbox environment that the service used since 2013. Google acquired Virustotal in 2012 and the service launched its first Android sandbox a year later in 2013.

Virustotal Droidy reveals details about an application's activity that the previous sandbox did not reveal including HTTP requests, DNS resolutions, IP traffic, system file activity, permissions, process and service actions, database use, crypto-related events and more.

Interested users can check out a sample report on the Virustotal website. Use it to switch between Virustotal Droidy and the classic Virustotal Sandbox to see the differences.

The information that the new sandbox accumulates is used by other Virustotal services, Intelligence and Graph, to provide a clearer picture of an Android application's activity.

Using Virustotal Droidy

virustotal droidy android sandbox

All you need to do is head over to the Virustotal website and drag & drop an Android APK on the field on the site, or use the upload button to pick an APK from the local system instead.

Virustotal computes the hash and displays scan results right away if the hash is already in the service's database; the APK is scanned if it is not.

Switch to behavior to see the list of actions that the sandbox detected during its analysis of the application.

Tip: you can click on detailed report to get additional details about hooked calls and screenshots that the sandbox captured during analysis.

Virustotal Droidy requires no Virustotal account. You still need an account to use some functionality such as Virustotal Graph on the site.

Closing Words

While security researchers may get the most out of Virustotal Droidy, it is clear that home users can benefit from the new Android sandbox as well.

If you download APKs from third-party sources or marketplaces, or even Google Play, you may want to run them through Droidy to find out more about their behavior before you install them on your Android device.

You could check out the network connections the app makes, take a look at captured screenshots, or take a closer look at file actions and service actions.

Related articles

Virustotal launches Android Sandbox Droidy
Article Name
Virustotal launches Android Sandbox Droidy
Google owned Virustotal announced the launch of the Android sandbox Droidy today which replaced the Android sandbox environment that the service used since 2013.
Ghacks Technology News

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Previous Post: «
Next Post: »


  1. Adnroid user said on April 5, 2018 at 5:03 pm

    I love, I always upload shady .apk files to then scan them with VirusTotal, it gives me such a peace of mind :)

  2. Stefan said on April 5, 2018 at 8:21 pm

    Trust Google ? Tsssss…….

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.

Be polite: we do not allow comments that threaten or harass, or are personal attacks. Please leave politics and religion out of discussions!