Fuse does not attempt to re-use prior results at this time. With respect to machine learning: We do have a prototype for malware detection using FUSE technologies that appears to have quite low false positive rates (FP: ~0.05%), but that is still at the research stage.
“Sandboxing” typically only applies to dynamic analyses (where the application has the opportunity to behave badly before you can tell that it is doing so -hence the need for a sandbox to keep that bad behavior contained), Because FUSE uses a static analysis, the application is never actually running, and is never in control, so no bad behavior is possible, and no sandbox is necessary.
Bulk upload can be achieved using the RESTful API.
FUSE is designed to detect unintentionally created vulnerabilities in APKs. It has been tested in on malware, and it is also 66.07% effective and detecting intentionally created malware with 0.56% false positives.
FUSE is designed to detect application level vulnerabilities and does not detect OS vulnerabilities.
FUSE averages 36 minutes to complete the analysis on an APK and runs in the background, sending you a message when it done.
FUSE decompiles and examines all the interactions of the application. It also analyzes the part of Android that each app interacts with (the Android APIs). It is common to send information through Android to another part of your app, or to another app entirely. FUSE takes that into account, detecting information flows and leaks that a simpler analysis will not find.
FUSE is comprised of the UI portal, a database, and the compute nodes. Scaling is achieved by adding compute nodes.
All three components can run on one host. FUSE needs a minimum 16GB of RAM (32GB or more is preferred), and at least 20GB of free disk space. FUSE runs on Linux and OS X.
A single-node instance of FUSE can validate approximately 160 APKs/day and scale linearly with additional compute nodes.
FUSE can support tens of thousands of concurrent users if they are just using the graph tool, queuing apps for analysis, or looking at reports.
- Ice Cream Sandwich (API 14 & 15; Android 4.0)
- Jelly Bean (API 16,17 & 18; Android 4.1-4.2)
- KitKat (API 19;Android 4.4)
- Lollipop (API 21 &22; Android 5.0 and 5.1)
- Marshmallow (API 23; Android 6.0)
FUSE supports API levels 14 through 23 (with the exception of the OS on the Android Watch, API 20: KitKat Watch)