An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the “compose” window.
Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?
A. Reverse engineer the application binary.
B. Perform static code analysis on the source code.
C. Analyze the device firmware via the JTAG interface.
D. Change to a whitelist that uses cryptographic hashing.
E. Penetration test the mobile application.
Correct Answer: B